built-in-policies/policyDefinitions/Security Center/ASC_Azure_Defender_Containers_Full_Features_DINE.json

{
  "properties": {
    "displayName": "Configure Microsoft Defender for Containers plan",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "New capabilities are continuously being added to Defender for Containers plan, which may require the user's explicit enablement. Use this policy to make sure all new capabilities will be enabled.",
    "metadata": {
      "version": "1.0.0",
      "category": "Security Center"
    },
    "version": "1.0.0",
    "parameters": {
      "effect": {
        "type": "string",
        "defaultValue": "DeployIfNotExists",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ]
      },
      "isContainerRegistriesVulnerabilityAssessmentsEnabled": {
        "type": "String",
        "metadata": {
          "displayName": "Container Registries Vulnerability Assessments Enabled",
          "description": "Controls the container registries vulnerability assessments add-on"
        },
        "allowedValues": [
          "true",
          "false"
        ],
        "defaultValue": "true"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/pricings",
          "name": "Containers",
          "deploymentScope": "subscription",
          "existenceScope": "subscription",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
          ],
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Security/pricings/pricingTier",
                "equals": "Standard"
              },
              {
                "count": {
                  "field": "Microsoft.Security/pricings/extensions[*]",
                  "where": {
                    "allOf": [
                      {
                        "field": "Microsoft.Security/pricings/extensions[*].name",
                        "equals": "ContainerRegistriesVulnerabilityAssessments"
                      },
                      {
                        "field": "Microsoft.Security/pricings/extensions[*].isEnabled",
                        "equals": "[parameters('isContainerRegistriesVulnerabilityAssessmentsEnabled')]"
                      }
                    ]
                  }
                },
                "equals": 1
              }
            ]
          },
          "deployment": {
            "location": "westeurope",
            "properties": {
              "mode": "incremental",
              "parameters": {
                "isContainerRegistriesVulnerabilityAssessmentsEnabled": {
                  "value": "[parameters('isContainerRegistriesVulnerabilityAssessmentsEnabled')]"
                }
              },
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "isContainerRegistriesVulnerabilityAssessmentsEnabled": {
                    "type": "String"
                  }
                },
                "resources": [
                  {
                    "type": "Microsoft.Security/pricings",
                    "apiVersion": "2023-01-01",
                    "name": "Containers",
                    "properties": {
                      "pricingTier": "Standard",
                      "extensions": [
                        {
                          "name": "ContainerRegistriesVulnerabilityAssessments",
                          "isEnabled": "[parameters('isContainerRegistriesVulnerabilityAssessmentsEnabled')]"
                        }
                      ]
                    }
                  }
                ]
              }
            }
          }
        }
      }
    },
    "versions": [
      "1.0.0"
    ]
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/efd4031d-b232-4595-babf-ae817348e91b",
  "name": "efd4031d-b232-4595-babf-ae817348e91b"
}