-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ASC_Azure_Defender_Servers_EnableP1_ResourceLevel_DINE.json
88 lines (88 loc) · 2.96 KB
/
ASC_Azure_Defender_Servers_EnableP1_ResourceLevel_DINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
{
"properties": {
"displayName": "Configure Azure Defender for Servers to be enabled (with 'P1' subplan) for all resources (resource level)",
"policyType": "BuiltIn",
"mode": "All",
"description": "Azure Defender for Servers provides real-time threat protection for server workloads and generates hardening recommendations as well as alerts about suspicious activities. This policy will enable the Defender for Servers plan (with 'P1' subplan) for all resources (VMs and ARC Machines) in the selected scope (subscription or resource group).",
"metadata": {
"version": "1.0.0",
"category": "Security Center - Granular Pricing"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"in": [
"Microsoft.Compute/virtualMachines",
"Microsoft.HybridCompute/machines"
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/pricings",
"name": "VirtualMachines",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
],
"existenceCondition": {
"field": "Microsoft.Security/pricings/pricingTier",
"equals": "Standard"
},
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"fullResourceName": {
"value": "[field('id')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"fullResourceName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2024-01-01",
"scope": "[parameters('fullResourceName')]",
"name": "VirtualMachines",
"properties": {
"subplan": "P1",
"pricingTier": "Standard"
}
}
],
"outputs": {}
}
}
}
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/1b8c0040-b224-4ea1-be6a-47254dd5a207",
"name": "1b8c0040-b224-4ea1-be6a-47254dd5a207"
}