/
MDC_MDE_WDATP_DINE.json
83 lines (83 loc) · 2.91 KB
/
MDC_MDE_WDATP_DINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
{
"properties": {
"displayName": "Configure Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP)",
"policyType": "BuiltIn",
"mode": "All",
"description": "Configures the Microsoft Defender for Endpoint integration settings, within Microsoft Defender for Cloud (also known as WDATP), for Windows downlevel machines onboarded to MDE via MMA, and auto provisioning of MDE on Windows Server 2019 , Windows Virtual Desktop and above. Must be turned on in order for the other settings (WDATP_UNIFIED, etc.) to work. See: https://learn.microsoft.com/azure/defender-for-cloud/integration-defender-for-endpoint for more information.",
"metadata": {
"version": "1.0.0",
"category": "Security Center"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/settings",
"name": "WDATP",
"deploymentScope": "subscription",
"existenceScope": "subscription",
"existenceCondition": {
"field": "Microsoft.Security/settings/DataExportSetting.enabled",
"equals": "true"
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
],
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"parameters": {},
"template": {
"$schema": "http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.Security/settings",
"apiVersion": "2022-05-01",
"name": "WDATP",
"kind": "DataExportSettings",
"properties": {
"enabled": "true"
}
}
],
"outputs": {}
}
}
}
}
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/da56d295-2889-41ce-a4cd-6f50fb93aa68",
"name": "da56d295-2889-41ce-a4cd-6f50fb93aa68"
}