-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ASC_Azure_Defender_ARM_DINE.json
108 lines (108 loc) · 3.6 KB
/
ASC_Azure_Defender_ARM_DINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
{
"properties": {
"displayName": "Configure Azure Defender for Resource Manager to be enabled",
"policyType": "BuiltIn",
"mode": "All",
"description": "Azure Defender for Resource Manager automatically monitors the resource management operations in your organization. Azure Defender detects threats and alerts you about suspicious activity. Learn more about the capabilities of Azure Defender for Resource Manager at https://aka.ms/defender-for-resource-manager . Enabling this Azure Defender plan results in charges. Learn about the pricing details per region on Security Center's pricing page: https://aka.ms/pricing-security-center .",
"metadata": {
"version": "1.1.0",
"category": "Security Center"
},
"version": "1.1.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "DeployIfNotExists",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
]
},
"subPlan": {
"type": "String",
"metadata": {
"displayName": "Defender for Resource Manager plans",
"description": "Select a Defender for Resource Manager plan"
},
"allowedValues": [
"PerSubscription",
"PerApiCall"
],
"defaultValue": "PerApiCall"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/pricings",
"name": "Arm",
"deploymentScope": "subscription",
"existenceScope": "subscription",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Security/pricings/pricingTier",
"equals": "Standard"
},
{
"field": "Microsoft.Security/pricings/subPlan",
"equals": "[parameters('subPlan')]"
}
]
},
"deployment": {
"location": "westeurope",
"properties": {
"mode": "incremental",
"parameters": {
"subPlan": {
"value": "[parameters('subPlan')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"subPlan": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2023-01-01",
"name": "Arm",
"properties": {
"pricingTier": "Standard",
"subPlan": "[parameters('subPlan')]"
}
}
],
"outputs": {}
}
}
}
}
}
},
"versions": [
"1.1.0",
"1.0.2"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9",
"name": "b7021b2b-08fd-4dc0-9de7-3c6ece09faf9"
}