ASC_Azure_Defender_Servers_EnableP1_ResourceLevel_ByTag_DINE.json
{
"properties": {
"displayName": "Configure Azure Defender for Servers to be enabled ('P1' subplan) for all resources (resource level) with the selected tag",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Azure Defender for Servers provides real-time threat protection for server workloads and generates hardening recommendations as well as alerts about suspicious activities. This policy enables the Defender for Servers plan with the 'P1' subplan, at resource level, for every Azure VM (Microsoft.Compute/virtualMachines) and Azure Arc-enabled machine (Microsoft.HybridCompute/machines) that carries the selected tag name with one of the selected tag values. A matched resource whose pricing is already at the 'Standard' tier is treated as compliant and is left unchanged, whichever subplan it currently has.",
"metadata": {
"version": "1.0.0",
"category": "Security Center - Granular Pricing"
},
"version": "1.0.0",
"parameters": {
"inclusionTagName": {
"type": "String",
"metadata": {
"displayName": "Inclusion Tag Name",
"description": "Name of the tag to use for including resources in the scope of this policy. Must be used together with the Inclusion Tag Values parameter; with the empty default values no resource is matched, so both parameters have to be supplied when the policy is assigned."
},
"defaultValue": ""
},
"inclusionTagValues": {
"type": "Array",
"metadata": {
"displayName": "Inclusion Tag Values",
"description": "Value of the tag to use for including resources in the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Inclusion Tag Name parameter."
},
"defaultValue": []
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy. With 'DeployIfNotExists' the assignment's managed identity must be granted the role listed under roleDefinitionIds so that the deployment can write the Microsoft.Security/pricings setting on each matched resource."
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"in": [
"Microsoft.Compute/virtualMachines",
"Microsoft.HybridCompute/machines"
]
},
{
"field": "[concat('tags[', parameters('inclusionTagName'), ']')]",
"in": "[parameters('inclusionTagValues')]"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/pricings",
"name": "VirtualMachines",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
],
"existenceCondition": {
"field": "Microsoft.Security/pricings/pricingTier",
"equals": "Standard"
},
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"fullResourceName": {
"value": "[field('id')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"fullResourceName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2024-01-01",
"scope": "[parameters('fullResourceName')]",
"name": "VirtualMachines",
"properties": {
"subplan": "P1",
"pricingTier": "Standard"
}
}
],
"outputs": {}
}
}
}
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/9e4879d9-c2a0-4e40-8017-1a5a5327c843",
"name": "9e4879d9-c2a0-4e40-8017-1a5a5327c843"
}