-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ASC_EnableAzureDefenderOnDns_Audit.json
52 lines (52 loc) · 1.66 KB
/
ASC_EnableAzureDefenderOnDns_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
{
"properties": {
"displayName": "[Deprecated]: Azure Defender for DNS should be enabled",
"policyType": "BuiltIn",
"mode": "All",
"description": "This policy definition is no longer the recommended way to achieve its intent, because DNS bundle is being deprecated. Instead of continuing to use this policy, we recommend you assign this replacement policy with policy ID 4da35fc9-c9e7-4960-aec9-797fe7d9051d. Learn more about policy definition deprecation at aka.ms/policydefdeprecation",
"metadata": {
"version": "1.1.0-deprecated",
"category": "Security Center",
"deprecated": true
},
"version": "1.1.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Disabled",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/pricings",
"name": "Dns",
"existenceScope": "subscription",
"existenceCondition": {
"field": "Microsoft.Security/pricings/pricingTier",
"equals": "Standard"
}
}
}
},
"versions": [
"1.1.0",
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/bdc59948-5574-49b3-bb91-76b7c986428d",
"name": "bdc59948-5574-49b3-bb91-76b7c986428d"
}