-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ACAT_FirewallPolicy_EnableIDPS_Audit.json
56 lines (56 loc) · 1.77 KB
/
ACAT_FirewallPolicy_EnableIDPS_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
{
"properties": {
"displayName": "[Deprecated]: Firewall Policy Premium should enable the Intrusion Detection and Prevention System (IDPS)",
"policyType": "BuiltIn",
"description": "This policy is deprecated because Microsoft 365 App Compliance Program no longer requires Azure Firewall premium as the only network security control solution. Learn more details about the latest M365 APP Compliance requirements about network security controls at aka.ms/acat-cert2-seg-ops-nsc. Learn more about policy definition deprecation at aka.ms/policydefdeprecation.",
"mode": "Indexed",
"metadata": {
"version": "1.1.0-deprecated",
"category": "Network",
"deprecated": true
},
"version": "1.1.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Disabled"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/firewallPolicies"
},
{
"field": "Microsoft.Network/firewallPolicies/sku.tier",
"equals": "Premium"
},
{
"field": "Microsoft.Network/firewallPolicies/intrusionDetection.mode",
"equals": "off"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.1.0",
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a",
"name": "6484db87-a62d-4327-9f07-80a2cbdf333a"
}