Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Az Policy - retrieves built-in defs when specifying 'custom' - Azure Government #7522

Closed
CHDAFNI-MSFT opened this issue Oct 12, 2018 · 5 comments
Assignees
Labels
Policy Azure Resource Policy Service Attention This issue is responsible by Azure service team.

Comments

@CHDAFNI-MSFT
Copy link

CHDAFNI-MSFT commented Oct 12, 2018

Description

Within Azure Government, retrieving policy definitions and specifying 'Custom' still retrieves the built-in definition initiatives as well

Script/Steps for Reproduction

Get-AzPolicySetDefinition -ApiVersion '2018-03-01' -Custom

Module Version

    Directory: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands                                                                                            
---------- -------    ----                                ----------------                                                                                            
Script     0.3.0      Az.Aks                              {Get-AzAks, New-AzAks, Remove-AzAks, Import-AzAksCredential, Start-AzAksDashboard, Stop-AzAksDashboard, S...
Script     0.2.2      Az.Aks                              {Get-AzAks, New-AzAks, Remove-AzAks, Import-AzAksCredential, Start-AzAksDashboard, Stop-AzAksDashboard, S...
Script     0.3.0      Az.AnalysisServices                 {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServicesServer, Get-AzAnalysisServicesServer, Remove-...
Script     0.2.2      Az.AnalysisServices                 {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServicesServer, Get-AzAnalysisServicesServer, Remove-...
Script     0.3.0      Az.ApiManagement                    {Add-AzApiManagementRegion, Get-AzApiManagementSsoToken, New-AzApiManagementHostnameConfiguration, New-Az...
Script     0.2.2      Az.ApiManagement                    {Add-AzApiManagementRegion, Get-AzApiManagementSsoToken, New-AzApiManagementHostnameConfiguration, New-Az...
Script     0.3.0      Az.ApplicationInsights              {Get-AzApplicationInsights, New-AzApplicationInsights, Remove-AzApplicationInsights, Set-AzApplicationIns...
Script     0.2.2      Az.ApplicationInsights              {Get-AzApplicationInsights, New-AzApplicationInsights, Remove-AzApplicationInsights, Set-AzApplicationIns...
Script     0.3.0      Az.Automation                       {Get-AzAutomationHybridWorkerGroup, Get-AzAutomationJobOutputRecord, Import-AzAutomationDscNodeConfigurat...
Script     0.2.2      Az.Automation                       {Get-AzAutomationHybridWorkerGroup, Get-AzAutomationJobOutputRecord, Import-AzAutomationDscNodeConfigurat...
Script     0.3.0      Az.Batch                            {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAccountKeys, New-AzBatchAccount, New-AzBatchAccoun...
Script     0.2.2      Az.Batch                            {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAccountKeys, New-AzBatchAccount, New-AzBatchAccoun...
Script     0.3.0      Az.Billing                          {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollmentAccount}                                        
Script     0.2.2      Az.Billing                          {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollmentAccount}                                        
Script     0.3.0      Az.Cdn                              {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfile, Remove-AzCdnProfile, Set-AzCdnProfile, Get-A...
Script     0.2.2      Az.Cdn                              {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfile, Remove-AzCdnProfile, Set-AzCdnProfile, Get-A...
Script     0.3.0      Az.CognitiveServices                {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAccountKey, Get-AzCognitiveServicesAccountSkus, G...
Script     0.2.2      Az.CognitiveServices                {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAccountKey, Get-AzCognitiveServicesAccountSkus, G...
Script     0.3.0      Az.Compute                          {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAvailabilitySet, Update-AzAvailabilitySet, Get-Az...
Script     0.2.2      Az.Compute                          {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAvailabilitySet, Update-AzAvailabilitySet, Get-Az...
Script     0.3.0      Az.Consumption                      {Get-AzConsumptionBudget, Get-AzConsumptionMarketplace, Get-AzConsumptionPriceSheet, Get-AzConsumptionRes...
Script     0.2.2      Az.Consumption                      {Get-AzConsumptionBudget, Get-AzConsumptionMarketplace, Get-AzConsumptionPriceSheet, Get-AzConsumptionRes...
Script     0.3.0      Az.ContainerInstance                {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzContainerGroup, Get-AzContainerInstanceLog}           
Script     0.2.2      Az.ContainerInstance                {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzContainerGroup, Get-AzContainerInstanceLog}           
Script     0.3.0      Az.ContainerRegistry                {New-AzContainerRegistry, Get-AzContainerRegistry, Update-AzContainerRegistry, Remove-AzContainerRegistry...
Script     0.2.2      Az.ContainerRegistry                {New-AzContainerRegistry, Get-AzContainerRegistry, Update-AzContainerRegistry, Remove-AzContainerRegistry...
Script     0.3.0      Az.DataLakeAnalytics                {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalyticsCatalogCredential, Remove-AzDataLakeAnalyticsC...
Script     0.2.2      Az.DataLakeAnalytics                {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalyticsCatalogCredential, Remove-AzDataLakeAnalyticsC...
Script     0.3.0      Az.DataLakeStore                    {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreFir...
Script     0.2.2      Az.DataLakeStore                    {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreFir...
Script     0.3.0      Az.DevTestLabs                      {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolicy, Get-AzDtlAutoStartPolicy, Get-AzDtlVMsPerLab...
Script     0.2.2      Az.DevTestLabs                      {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolicy, Get-AzDtlAutoStartPolicy, Get-AzDtlVMsPerLab...
Script     0.3.0      Az.Dns                              {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRecordSet, Set-AzDnsRecordSet, Remove-AzDnsRecord...
Script     0.2.2      Az.Dns                              {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRecordSet, Set-AzDnsRecordSet, Remove-AzDnsRecord...
Script     0.3.0      Az.EventGrid                        {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGridTopic, New-AzEventGridTopicKey, Get-AzEventGr...
Script     0.2.2      Az.EventGrid                        {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGridTopic, New-AzEventGridTopicKey, Get-AzEventGr...
Script     0.3.0      Az.EventHub                         {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzEventHubNamespace, Remove-AzEventHubNamespace, N...
Script     0.2.2      Az.EventHub                         {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzEventHubNamespace, Remove-AzEventHubNamespace, N...
Script     0.3.0      Az.Insights                         {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile, Get-AzLogProfile, Add-AzLogProfile, Get-AzLog...
Script     0.2.2      Az.Insights                         {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile, Get-AzLogProfile, Add-AzLogProfile, Get-AzLog...
Script     0.3.0      Az.IotHub                           {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-AzIotHubConnectionString, Get-AzIotHubJob, Get-A...
Script     0.2.2      Az.IotHub                           {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-AzIotHubConnectionString, Get-AzIotHubJob, Get-A...
Script     0.3.0      Az.KeyVault                         {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, Stop-AzKeyVaultCertificateOperation, Get-AzKeyV...
Script     0.2.2      Az.KeyVault                         {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, Stop-AzKeyVaultCertificateOperation, Get-AzKeyV...
Script     0.3.0      Az.LogicApp                         {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccountCallbackUrl, Get-AzIntegrationAccountCertific...
Script     0.2.2      Az.LogicApp                         {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccountCallbackUrl, Get-AzIntegrationAccountCertific...
Script     0.3.0      Az.MachineLearning                  {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssociation, Get-AzMlCommitmentPlanUsageHistory, Remov...
Script     0.2.2      Az.MachineLearning                  {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssociation, Get-AzMlCommitmentPlanUsageHistory, Remov...
Script     0.3.0      Az.MachineLearningCompute           {Get-AzMlOpCluster, Get-AzMlOpClusterKey, Test-AzMlOpClusterSystemServicesUpdateAvailability, Update-AzMl...
Script     0.2.2      Az.MachineLearningCompute           {Get-AzMlOpCluster, Get-AzMlOpClusterKey, Test-AzMlOpClusterSystemServicesUpdateAvailability, Update-AzMl...
Script     0.3.0      Az.MarketplaceOrdering              {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}                                                            
Script     0.2.2      Az.MarketplaceOrdering              {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}                                                            
Script     0.3.0      Az.Media                            {Sync-AzMediaServiceStorageKeys, Set-AzMediaServiceKey, Get-AzMediaServiceKeys, Get-AzMediaServiceNameAva...
Script     0.2.2      Az.Media                            {Sync-AzMediaServiceStorageKeys, Set-AzMediaServiceKey, Get-AzMediaServiceKeys, Get-AzMediaServiceNameAva...
Script     0.3.0      Az.Network                          {Add-AzApplicationGatewayAuthenticationCertificate, Get-AzApplicationGatewayAuthenticationCertificate, Ne...
Script     0.2.2      Az.Network                          {Add-AzApplicationGatewayAuthenticationCertificate, Get-AzApplicationGatewayAuthenticationCertificate, Ne...
Script     0.3.0      Az.NotificationHubs                 {Get-AzNotificationHub, Get-AzNotificationHubAuthorizationRules, Get-AzNotificationHubListKeys, Get-AzNot...
Script     0.2.2      Az.NotificationHubs                 {Get-AzNotificationHub, Get-AzNotificationHubAuthorizationRules, Get-AzNotificationHubListKeys, Get-AzNot...
Script     0.3.0      Az.OperationalInsights              {New-AzOperationalInsightsAzureActivityLogDataSource, New-AzOperationalInsightsCustomLogDataSource, Disab...
Script     0.2.2      Az.OperationalInsights              {New-AzOperationalInsightsAzureActivityLogDataSource, New-AzOperationalInsightsCustomLogDataSource, Disab...
Script     0.3.0      Az.PolicyInsights                   {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSummary}                                            
Script     0.2.2      Az.PolicyInsights                   {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSummary}                                            
Script     0.3.0      Az.PowerBIEmbedded                  {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollectionA...
Script     0.2.2      Az.PowerBIEmbedded                  {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollectionA...
Script     0.3.0      Az.Profile                          {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollection, Enable-AzContextAutosave, ...
Script     0.2.2      Az.Profile                          {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollection, Enable-AzContextAutosave, ...
Script     0.3.0      Az.RedisCache                       {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheScheduleEntry, Get-AzRedisCachePatchSchedule, New-AzRe...
Script     0.2.2      Az.RedisCache                       {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheScheduleEntry, Get-AzRedisCachePatchSchedule, New-AzRe...
Script     0.3.0      Az.Relay                            {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNamespace, Remove-AzRelayNamespace, New-AzWcfRela...
Script     0.2.2      Az.Relay                            {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNamespace, Remove-AzRelayNamespace, New-AzWcfRela...
Script     0.3.0      Az.Resources                        {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzRoleAssignment, New-AzRoleAssignment, Get-AzRole...
Script     0.2.2      Az.Resources                        {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzRoleAssignment, New-AzRoleAssignment, Get-AzRole...
Script     0.3.0      Az.ServiceBus                       {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set-AzServiceBusNamespace, Remove-AzServiceBusName...
Script     0.2.2      Az.ServiceBus                       {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set-AzServiceBusNamespace, Remove-AzServiceBusName...
Script     0.3.0      Az.ServiceFabric                    {Add-AzServiceFabricApplicationCertificate, Add-AzServiceFabricClientCertificate, Add-AzServiceFabricClus...
Script     0.2.2      Az.ServiceFabric                    {Add-AzServiceFabricApplicationCertificate, Add-AzServiceFabricClientCertificate, Add-AzServiceFabricClus...
Script     0.3.0      Az.SignalR                          {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSignalRKey, Remove-AzSignalR}                        
Script     0.3.0      Az.Sql                              {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDatabaseTransparentDataEncryptionActivity, Set-AzSq...
Script     0.2.3      Az.Sql                              {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDatabaseTransparentDataEncryptionActivity, Set-AzSq...
Script     0.3.0      Az.Storage                          {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStorageAccount, New-AzStorageAccountKey, Remove-AzS...
Script     0.2.2      Az.Storage                          {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStorageAccount, New-AzStorageAccountKey, Remove-AzS...
Script     0.3.0      Az.StreamAnalytics                  {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefaultFunctionDefinition, New-AzStreamAnalyticsFunc...
Script     0.2.2      Az.StreamAnalytics                  {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefaultFunctionDefinition, New-AzStreamAnalyticsFunc...
Script     0.3.0      Az.Tags                             {Remove-AzTag, Get-AzTag, New-AzTag}                                                                        
Script     0.2.2      Az.Tags                             {Remove-AzTag, Get-AzTag, New-AzTag}                                                                        
Script     0.3.0      Az.TrafficManager                   {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTrafficManagerCustomHeaderFromEndpoint, Add-AzTraff...
Script     0.2.2      Az.TrafficManager                   {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTrafficManagerCustomHeaderFromEndpoint, Add-AzTraff...
Script     0.3.0      Az.UsageAggregates                  Get-UsageAggregates                                                                                         
Script     0.2.2      Az.UsageAggregates                  Get-UsageAggregates                                                                                         
Script     0.3.0      Az.Websites                         {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServicePlan, Remove-AzAppServicePlan, Get-AzWebAppS...
Script     0.2.2      Az.Websites                         {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServicePlan, Remove-AzAppServicePlan, Get-AzWebAppS...
Script     1.0.1      Microsoft.PowerShell.Operation.V... {Get-OperationValidation, Invoke-OperationValidation}                                                       
Binary     1.0.0.1    PackageManagement                   {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource, Install-Package, Import-PackageProvid...
Script     3.4.0      Pester                              {Describe, Context, It, Should, Mock, Assert-MockCalled, Assert-VerifiableMocks, New-Fixture, Get-TestDri...
Script     1.0.0.1    PowerShellGet                       {Install-Module, Find-Module, Save-Module, Update-Module, Publish-Module, Get-InstalledModule, Uninstall-...
Script     2.0.0      PSReadline                          {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler, Get-PSReadLineOption, S...


    Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules


ModuleType Version    Name                                ExportedCommands                                                                                            
---------- -------    ----                                ----------------                                                                                            
Manifest   1.0.0.0    AppBackgroundTask                   {Disable-AppBackgroundTaskDiagnosticLog, Enable-AppBackgroundTaskDiagnosticLog, Set-AppBackgroundTaskReso...
Manifest   2.0.0.0    AppLocker                           {Get-AppLockerFileInformation, Get-AppLockerPolicy, New-AppLockerPolicy, Set-AppLockerPolicy, Test-AppLoc...
Manifest   1.0.0.0    AppvClient                          {Add-AppvClientConnectionGroup, Add-AppvClientPackage, Add-AppvPublishingServer, Disable-Appv, Disable-Ap...
Manifest   2.0.1.0    Appx                                {Add-AppxPackage, Get-AppxPackage, Get-AppxPackageManifest, Remove-AppxPackage, Get-AppxVolume, Add-AppxV...
Script     1.0.0.0    AssignedAccess                      {Clear-AssignedAccess, Get-AssignedAccess, Set-AssignedAccess}                                              
Manifest   1.0.0.0    BitLocker                           {Unlock-BitLocker, Suspend-BitLocker, Resume-BitLocker, Remove-BitLockerKeyProtector, Lock-BitLocker, Get...
Manifest   2.0.0.0    BitsTransfer                        {Add-BitsFile, Complete-BitsTransfer, Get-BitsTransfer, Remove-BitsTransfer, Resume-BitsTransfer, Set-Bit...
Manifest   1.0.0.0    BranchCache                         {Add-BCDataCacheExtension, Clear-BCCache, Disable-BC, Disable-BCDowngrading, Disable-BCServeOnBattery, En...
Manifest   1.0.0.0    CimCmdlets                          {Get-CimAssociatedInstance, Get-CimClass, Get-CimInstance, Get-CimSession, Invoke-CimMethod, New-CimInsta...
Manifest   1.0        ConfigCI                            {Get-SystemDriver, New-CIPolicyRule, New-CIPolicy, Get-CIPolicy, Merge-CIPolicy, Remove-CIPolicyRule, Edi...
Manifest   1.0        Defender                            {Get-MpPreference, Set-MpPreference, Add-MpPreference, Remove-MpPreference, Get-MpComputerStatus, Get-MpT...
Manifest   1.0.1.0    DeliveryOptimization                {Get-DeliveryOptimizationStatus, Get-DeliveryOptimizationPerfSnap, Get-DeliveryOptimizationLog, Get-DOCon...
Manifest   1.0.0.0    DirectAccessClientComponents        {Disable-DAManualEntryPointSelection, Enable-DAManualEntryPointSelection, Get-DAClientExperienceConfigura...
Script     3.0        Dism                                {Add-AppxProvisionedPackage, Add-WindowsDriver, Add-WindowsCapability, Add-WindowsImage, Add-WindowsPacka...
Manifest   1.0.0.0    DnsClient                           {Resolve-DnsName, Clear-DnsClientCache, Get-DnsClient, Get-DnsClientCache, Get-DnsClientGlobalSetting, Ge...
Manifest   1.0.0.0    EventTracingManagement              {Start-EtwTraceSession, New-EtwTraceSession, Get-EtwTraceSession, Update-EtwTraceSession, Set-EtwTraceSes...
Manifest   2.0.0.0    International                       {Get-WinDefaultInputMethodOverride, Set-WinDefaultInputMethodOverride, Get-WinHomeLocation, Set-WinHomeLo...
Manifest   1.0.0.0    iSCSI                               {Get-IscsiTargetPortal, New-IscsiTargetPortal, Remove-IscsiTargetPortal, Update-IscsiTargetPortal, Get-Is...
Script     1.0.0.0    ISE                                 {New-IseSnippet, Import-IseSnippet, Get-IseSnippet}                                                         
Manifest   1.0.0.0    Kds                                 {Add-KdsRootKey, Get-KdsRootKey, Test-KdsRootKey, Set-KdsConfiguration, Get-KdsConfiguration, Clear-KdsCa...
Manifest   1.0.1.0    Microsoft.PowerShell.Archive        {Compress-Archive, Expand-Archive}                                                                          
Manifest   3.0.0.0    Microsoft.PowerShell.Diagnostics    {Get-WinEvent, Get-Counter, Import-Counter, Export-Counter, New-WinEvent}                                   
Manifest   3.0.0.0    Microsoft.PowerShell.Host           {Start-Transcript, Stop-Transcript}                                                                         
Manifest   1.0.0.0    Microsoft.PowerShell.LocalAccounts  {Add-LocalGroupMember, Disable-LocalUser, Enable-LocalUser, Get-LocalGroup, Get-LocalGroupMember, Get-Loc...
Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path, Convert-Path, Copy-ItemProperty, Get-EventLog...
Script     1.0        Microsoft.PowerShell.ODataUtils     Export-ODataEndpointProxy                                                                                   
Manifest   3.0.0.0    Microsoft.PowerShell.Security       {Get-Acl, Set-Acl, Get-PfxCertificate, Get-Credential, Get-ExecutionPolicy, Set-ExecutionPolicy, Get-Auth...
Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Format-List, Format-Custom, Format-Table, Format-Wide, Out-File, Out-Printer, Out-String, Out-GridView, ...
Manifest   3.0.0.0    Microsoft.WSMan.Management          {Disable-WSManCredSSP, Enable-WSManCredSSP, Get-WSManCredSSP, Set-WSManQuickConfig, Test-WSMan, Invoke-WS...
Manifest   1.0        MMAgent                             {Disable-MMAgent, Enable-MMAgent, Set-MMAgent, Get-MMAgent, Debug-MMAppPrelaunch}                           
Manifest   1.0.0.0    MsDtc                               {New-DtcDiagnosticTransaction, Complete-DtcDiagnosticTransaction, Join-DtcDiagnosticResourceManager, Rece...
Manifest   2.0.0.0    NetAdapter                          {Disable-NetAdapter, Disable-NetAdapterBinding, Disable-NetAdapterChecksumOffload, Disable-NetAdapterEnca...
Manifest   1.0.0.0    NetConnection                       {Get-NetConnectionProfile, Set-NetConnectionProfile}                                                        
Manifest   1.0.0.0    NetDiagnostics                      Get-NetView                                                                                                 
Manifest   1.0.0.0    NetEventPacketCapture               {New-NetEventSession, Remove-NetEventSession, Get-NetEventSession, Set-NetEventSession, Start-NetEventSes...
Manifest   2.0.0.0    NetLbfo                             {Add-NetLbfoTeamMember, Add-NetLbfoTeamNic, Get-NetLbfoTeam, Get-NetLbfoTeamMember, Get-NetLbfoTeamNic, N...
Manifest   1.0.0.0    NetNat                              {Get-NetNat, Get-NetNatExternalAddress, Get-NetNatStaticMapping, Get-NetNatSession, Get-NetNatGlobal, Set...
Manifest   2.0.0.0    NetQos                              {Get-NetQosPolicy, Set-NetQosPolicy, Remove-NetQosPolicy, New-NetQosPolicy}                                 
Manifest   2.0.0.0    NetSecurity                         {Get-DAPolicyChange, New-NetIPsecAuthProposal, New-NetIPsecMainModeCryptoProposal, New-NetIPsecQuickModeC...
Manifest   1.0.0.0    NetSwitchTeam                       {New-NetSwitchTeam, Remove-NetSwitchTeam, Get-NetSwitchTeam, Rename-NetSwitchTeam, Add-NetSwitchTeamMembe...
Manifest   1.0.0.0    NetTCPIP                            {Get-NetIPAddress, Get-NetIPInterface, Get-NetIPv4Protocol, Get-NetIPv6Protocol, Get-NetNeighbor, Get-Net...
Manifest   1.0.0.0    NetworkConnectivityStatus           {Get-DAConnectionStatus, Get-NCSIPolicyConfiguration, Reset-NCSIPolicyConfiguration, Set-NCSIPolicyConfig...
Manifest   1.0.0.0    NetworkSwitchManager                {Disable-NetworkSwitchEthernetPort, Enable-NetworkSwitchEthernetPort, Get-NetworkSwitchEthernetPort, Remo...
Manifest   1.0.0.0    NetworkTransition                   {Add-NetIPHttpsCertBinding, Disable-NetDnsTransitionConfiguration, Disable-NetIPHttpsProfile, Disable-Net...
Manifest   1.0.0.0    PcsvDevice                          {Get-PcsvDevice, Start-PcsvDevice, Stop-PcsvDevice, Restart-PcsvDevice, Set-PcsvDeviceBootConfiguration, ...
Binary     1.0.0.0    PersistentMemory                    {Get-PmemDisk, Get-PmemPhysicalDevice, Get-PmemUnusedRegion, New-PmemDisk, Remove-PmemDisk, Initialize-Pm...
Manifest   1.0.0.0    PKI                                 {Add-CertificateEnrollmentPolicyServer, Export-Certificate, Export-PfxCertificate, Get-CertificateAutoEnr...
Manifest   1.0.0.0    PnpDevice                           {Get-PnpDevice, Get-PnpDeviceProperty, Enable-PnpDevice, Disable-PnpDevice}                                 
Manifest   1.1        PrintManagement                     {Add-Printer, Add-PrinterDriver, Add-PrinterPort, Get-PrintConfiguration, Get-Printer, Get-PrinterDriver,...
Binary     1.0.11     ProcessMitigations                  {Get-ProcessMitigation, Set-ProcessMitigation, ConvertTo-ProcessMitigationPolicy}                           
Script     3.0        Provisioning                        {Install-ProvisioningPackage, Export-ProvisioningPackage, Install-TrustedProvisioningCertificate, Export-...
Manifest   1.1        PSDesiredStateConfiguration         {Set-DscLocalConfigurationManager, Start-DscConfiguration, Test-DscConfiguration, Publish-DscConfiguratio...
Script     1.0.0.0    PSDiagnostics                       {Disable-PSTrace, Disable-PSWSManCombinedTrace, Disable-WSManTrace, Enable-PSTrace, Enable-PSWSManCombine...
Binary     1.1.0.0    PSScheduledJob                      {New-JobTrigger, Add-JobTrigger, Remove-JobTrigger, Get-JobTrigger, Set-JobTrigger, Enable-JobTrigger, Di...
Manifest   2.0.0.0    PSWorkflow                          {New-PSWorkflowExecutionOption, New-PSWorkflowSession, nwsn}                                                
Manifest   1.0.0.0    PSWorkflowUtility                   Invoke-AsWorkflow                                                                                           
Manifest   1.0.0.0    ScheduledTasks                      {Get-ScheduledTask, Set-ScheduledTask, Register-ScheduledTask, Unregister-ScheduledTask, Enable-Scheduled...
Manifest   2.0.0.0    SecureBoot                          {Confirm-SecureBootUEFI, Set-SecureBootUEFI, Get-SecureBootUEFI, Format-SecureBootUEFI, Get-SecureBootPol...
Manifest   2.0.0.0    SmbShare                            {Get-SmbShare, Remove-SmbShare, Set-SmbShare, Block-SmbShareAccess, Unblock-SmbShareAccess, Grant-SmbShar...
Manifest   2.0.0.0    SmbWitness                          {Get-SmbWitnessClient, Move-SmbWitnessClient, gsmbw, msmbw, Move-SmbClient}                                 
Manifest   1.0.0.0    StartLayout                         {Export-StartLayout, Import-StartLayout, Export-StartLayoutEdgeAssets, Get-StartApps}                       
Manifest   2.0.0.0    Storage                             {Add-InitiatorIdToMaskingSet, Add-PartitionAccessPath, Add-PhysicalDisk, Add-StorageFaultDomain, Add-Targ...
Manifest   1.0.0.0    StorageBusCache                     {Clear-StorageBusDisk, Disable-StorageBusCache, Disable-StorageBusDisk, Enable-StorageBusCache, Enable-St...
Manifest   2.0.0.0    TLS                                 {New-TlsSessionTicketKey, Enable-TlsSessionTicketKey, Disable-TlsSessionTicketKey, Export-TlsSessionTicke...
Manifest   1.0.0.0    TroubleshootingPack                 {Get-TroubleshootingPack, Invoke-TroubleshootingPack}                                                       
Manifest   2.0.0.0    TrustedPlatformModule               {Get-Tpm, Initialize-Tpm, Clear-Tpm, Unblock-Tpm, Enable-TpmAutoProvisioning, Disable-TpmAutoProvisioning...
Binary     2.1.639.0  UEV                                 {Clear-UevConfiguration, Clear-UevAppxPackage, Restore-UevBackup, Set-UevTemplateProfile, Disable-UevAppx...
Manifest   2.0.0.0    VpnClient                           {Add-VpnConnection, Set-VpnConnection, Remove-VpnConnection, Get-VpnConnection, New-EapConfiguration, Set...
Manifest   1.0.0.0    Wdac                                {Get-OdbcDriver, Set-OdbcDriver, Get-OdbcDsn, Add-OdbcDsn, Set-OdbcDsn, Remove-OdbcDsn, Get-OdbcPerfCount...
Manifest   1.0.0.0    WindowsDeveloperLicense             {Get-WindowsDeveloperLicense, Unregister-WindowsDeveloperLicense, Show-WindowsDeveloperLicenseRegistration} 
Script     1.0        WindowsErrorReporting               {Enable-WindowsErrorReporting, Disable-WindowsErrorReporting, Get-WindowsErrorReporting}                    
Manifest   1.0.0.0    WindowsSearch                       {Get-WindowsSearchSetting, Set-WindowsSearchSetting}                                                        
Manifest   1.0.0.0    WindowsUpdate                       Get-WindowsUpdateLog                                                                                        
Manifest   1.0.0.2    WindowsUpdateProvider               {Get-WUAVersion, Get-WULastInstallationDate, Get-WULastScanSuccessDate, Get-WUIsPendingReboot, Install-WU...

Environment Data

Name                           Value                                                                                                                                  
----                           -----                                                                                                                                  
PSVersion                      5.1.17763.1                                                                                                                            
PSEdition                      Desktop                                                                                                                                
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17763.1}                                                                                                 
BuildVersion                   10.0.17763.1                                                                                                                           
CLRVersion                     4.0.30319.42000                                                                                                                        
WSManStackVersion              3.0                                                                                                                                    
PSRemotingProtocolVersion      2.3                                                                                                                                    
SerializationVersion           1.1.0.1                                                                                                                                

Debug Output

PS C:\Users\chdafni> Get-AzPolicySetDefinition -ApiVersion '2018-03-01' -Custom -Debug
DEBUG: 7:54:44 PM - GetAzurePolicySetDefinitionCmdlet begin processing with ParameterSet 'CustomFilterParameterSet'.
DEBUG: 7:54:47 PM - using account id 'admin@DaftekGov.onmicrosoft.com'...
DEBUG: [Common.Authentication]: Authenticating using Account: 'admin@DaftekGov.onmicrosoft.com', environment: 'AzureUSGovernment', tenant: '14509250-c091-42b5-ae14-3de
91b64a2f4'
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain: '14509250-c091-42b5-ae14-3de91b64a2f4', Endpoint: 'https://login.microsoftonline.us/
', ClientId: '1950a258-227b-4e31-a9cf-717495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri: 'https://management.core.usgovcloudapi.net/', Vali
dateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority 'https://login.microsoftonline.us/14509250-c091-42b5-ae14-3de91b64a2f4/', CorrelationId: '
00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain: '14509250-c091-42b5-ae14-3de91b64a2f4', AdEndpoint: 'https://login.microsoftonline
.us/', ClientId: '1950a258-227b-4e31-a9cf-717495945fc2', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: [Common.Authentication]: Received token with LoginType 'LiveId', Tenant: '14509250-c091-42b5-ae14-3de91b64a2f4', UserId: 'admin@DaftekGov.onmicrosoft.com'
DEBUG: [Common.Authentication]: Renewing Token with Type: 'Bearer', Expiry: '10/12/2018 00:54:50 +00:00', MultipleResource? 'True', Tenant: '14509250-c091-42b5-ae14-3d
e91b64a2f4', UserId: 'admin@DaftekGov.onmicrosoft.com'
DEBUG: [Common.Authentication]: User info for token DisplayId: 'admin@DaftekGov.onmicrosoft.com', Name:  , IdProvider: 'https://sts.windows.net/14509250-c091-42b5-ae14
-3de91b64a2f4/', Uid: '4cf99c6f-c897-4d81-ac1b-abd3e5eec57a'
DEBUG: [Common.Authentication]: Checking token expiration, token expires '10/12/2018 00:54:50 +00:00' Comparing to '10/11/2018 23:54:50 +00:00' With threshold '00:05:0
0', calculated time until token expiry: '00:59:59.9724346'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.usgovcloudapi.net/subscriptions/5cd20112-b6fc-4d19-a3b9-d60c566107d4/providers/Microsoft.Authorization/policysetdefinitions?api-version=2018-03-01

Headers:
User-Agent                    : AzurePowershell/v6.9.0,PSVersion/v5.1.17763.1
ParameterSetName              : CustomFilterParameterSet
CommandName                   : Get-AzPolicySetDefinition

Body:



DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
Vary                          : Accept-Encoding
x-ms-request-id               : usdodcentral:85dc1d84-d5e2-4e1d-8439-c1f29b954853
x-ms-ratelimit-remaining-subscription-reads: 14998
x-ms-correlation-request-id   : ef61e70d-0ece-49a7-a544-106036cc6a4c
x-ms-routing-request-id       : USGOVVIRGINIA:20181011T235450Z:ef61e70d-0ece-49a7-a544-106036cc6a4c
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Cache-Control                 : no-cache
Date                          : Thu, 11 Oct 2018 23:54:49 GMT

Body:
{
  "value": [
    {
      "properties": {
        "displayName": "[Preview]: Enable Monitoring in Azure Security Center",
        "policyType": "BuiltIn",
        "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.",
        "metadata": {
          "category": "Security Center"
        },
        "parameters": {
          "systemUpdatesMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor system updates",
              "description": "Enable or disable reporting of system updates"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "systemConfigurationsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor OS vulnerabilities",
              "description": "Enable or disable OS vulnerabilities monitoring (based on a configured baseline)"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "endpointProtectionMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor endpoint protection",
              "description": "Enable or disable endpoint protection monitoring"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diskEncryptionMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor disk encryption",
              "description": "Enable or disable the monitoring for VM disk encryption"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "networkSecurityGroupsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor network security groups",
              "description": "Enable or disable monitoring of network security groups with permissive rules"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "webApplicationFirewallMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor web application firewall",
              "description": "Enable or disable the monitoring of unprotected web applications"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "nextGenerationFirewallMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Enable Next Generation Firewall (NGFW) monitoring",
              "description": "Enable or disable monitoring network endpoints without a Next Generation Firewall"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "vulnerabilityAssesmentMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor vulnerability assesment",
              "description": "Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "storageEncryptionMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor storage blob encryption",
              "description": "Enable or disable the monitoring of blob encryption for storage accounts"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "jitNetworkAccessMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor JIT network access",
              "description": "Enable or disable the monitoring of network just In time access"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "adaptiveApplicationControlsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor application whitelisting",
              "description": "Enable or disable the monitoring of application whitelisting in Azure Security Center"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "sqlAuditingMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor SQL auditing",
              "description": "Enable or disable the monitoring of unaudited SQL databases"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "sqlEncryptionMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor SQL encryption",
              "description": "Enable or disable the monitoring of unencrypted SQL databases"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInAppServiceMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Azure App Services",
              "description": "Enable or disable the monitoring of diagnostics logs in Azure App Services"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "encryptionOfAutomationAccountMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor encryption of automation accounts",
              "description": "Enable or disable the monitoring of automation account encryption"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "diagnosticsLogsInBatchAccountMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Batch accounts",
              "description": "Enable or disable the monitoring of diagnostic logs in Batch accounts"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInBatchAccountRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) for logs in Batch accounts",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "metricAlertsInBatchAccountMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor metric alerts in Batch accounts",
              "description": "Enable or disable the monitoring of metric alerts in Batch accounts"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "classicComputeVMsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor classic compute VMs",
              "description": "Enable or disable the monitoring of classic compute VMs"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "classicStorageAccountsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor classic storage accounts",
              "description": "Enable or disable the monitoring of classic storage accounts"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "diagnosticsLogsInDataLakeAnalyticsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Data Lake Analytics accounts",
              "description": "Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInDataLakeAnalyticsRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Data Lake Analytics accounts",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "diagnosticsLogsInDataLakeStoreMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Data Lake Store accounts",
              "description": "Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInDataLakeStoreRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Data Lake Store accounts",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "diagnosticsLogsInEventHubMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Event Hub accounts",
              "description": "Enable or disable the monitoring of diagnostic logs in Event Hub accounts"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInEventHubRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Event Hub accounts",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "diagnosticsLogsInKeyVaultMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Key Vault vaults",
              "description": "Enable or disable the monitoring of diagnostic logs in Key Vault vaults"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInKeyVaultRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Key Vault vaults",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "diagnosticsLogsInLogicAppsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Logic Apps workflows",
              "description": "Enable or disable the monitoring of diagnostic logs in Logic Apps workflows"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInLogicAppsRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Logic Apps workflows",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "diagnosticsLogsInRedisCacheMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Azure Redis Cache",
              "description": "Enable or disable the monitoring of diagnostic logs in Azure Redis Cache"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "diagnosticsLogsInSearchServiceMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Azure Search service",
              "description": "Enable or disable the monitoring of diagnostic logs in Azure Search service"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInSearchServiceRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Azure Search service",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "aadAuthenticationInServiceFabricMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor Azure Active Directory authentication in Service Fabric",
              "description": "Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "clusterProtectionLevelInServiceFabricMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor cluster protection level in Service Fabric",
              "description": "Enable or disable the monitoring of cluster protection level in Service Fabric"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "diagnosticsLogsInServiceBusMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Service Bus",
              "description": "Enable or disable the monitoring of diagnostic logs in Service Bus"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInServiceBusRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Service Bus",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "namespaceAuthorizationRulesInServiceBusMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor Service Bus namespace authorization rules",
              "description": "Enable or disable the monitoring of Service Bus namespace authorization rules"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "aadAuthenticationInSqlServerMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor the provisioning of an Azure AD admininistrator for SQL server",
              "description": "Enable or disable the monitoring of an Azure AD admininistrator for SQL server"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "secureTransferToStorageAccountMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor the secure transfer to storage account",
              "description": "Enable or disable the monitoring of secure transfer to storage account"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "diagnosticsLogsInStreamAnalyticsMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor diagnostic logs in Stream Analytics",
              "description": "Enable or disable the monitoring of diagnostic logs in Stream Analytics"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          },
          "diagnosticsLogsInStreamAnalyticsRetentionDays": {
            "type": "String",
            "metadata": {
              "displayName": "Required retention (in days) of logs in Stream Analytics",
              "description": "The required diagnostic logs retention period in days"
            },
            "defaultValue": "365"
          },
          "useRbacRulesMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor of using built-in RBAC rules",
              "description": "Enable or disable the monitoring of using built-in RBAC rules"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "disableUnrestrictedNetworkToStorageAccountMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor disabling of unrestricted network access to storage account",
              "description": "Enable or disable the monitoring of network access to storage account"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "accessRulesInEventHubNamespaceMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor access rules in Event Hub namespaces",
              "description": "Enable or disable the monitoring of access rules in Event Hub namespaces"
            },
            "allowedValues": [
              "Audit",
              "Disabled"
            ],
            "defaultValue": "Audit"
          },
          "accessRulesInEventHubMonitoringEffect": {
            "type": "String",
            "metadata": {
              "displayName": "Monitor access rules in Event Hubs",
              "description": "Enable or disable the monitoring of access rules in Event Hubs"
            },
            "allowedValues": [
              "AuditIfNotExists",
              "Disabled"
            ],
            "defaultValue": "AuditIfNotExists"
          }
        },
        "policyDefinitions": [
          {
            "policyDefinitionReferenceId": "accessRulesInEventHubNamespaceMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7",
            "parameters": {
              "effect": {
                "value": "[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "accessRulesInEventHubMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d",
            "parameters": {
              "effect": {
                "value": "[parameters('accessRulesInEventHubMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "disableUnrestrictedNetworkToStorageAccountMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
            "parameters": {
              "effect": {
                "value": "[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "useRbacRulesMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
            "parameters": {
              "effect": {
                "value": "[parameters('useRbacRulesMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInStreamAnalyticsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "secureTransferToStorageAccountMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
            "parameters": {
              "effect": {
                "value": "[parameters('secureTransferToStorageAccountMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "aadAuthenticationInSqlServerMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9",
            "parameters": {
              "effect": {
                "value": "[parameters('aadAuthenticationInSqlServerMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "namespaceAuthorizationRulesInServiceBusMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee",
            "parameters": {
              "effect": {
                "value": "[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInServiceBusMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInServiceBusRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "clusterProtectionLevelInServiceFabricMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68",
            "parameters": {
              "effect": {
                "value": "[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "aadAuthenticationInServiceFabricMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0",
            "parameters": {
              "effect": {
                "value": "[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInSearchServiceMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInSearchServiceRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInRedisCacheMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInLogicAppsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInLogicAppsRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInKeyVaultMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInKeyVaultRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInEventHubMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInEventHubMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInEventHubRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInDataLakeStoreMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInDataLakeAnalyticsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "classicStorageAccountsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606",
            "parameters": {
              "effect": {
                "value": "[parameters('classicStorageAccountsMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "classicComputeVMsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d",
            "parameters": {
              "effect": {
                "value": "[parameters('classicComputeVMsMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "metricAlertsInBatchAccountPoolDeleteStart",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7",
            "parameters": {
              "effect": {
                "value": "[parameters('metricAlertsInBatchAccountMonitoringEffect')]"
              },
              "metricName": {
                "value": "PoolDeleteStartEvent"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "metricAlertsInBatchAccountPoolDeleteComplete",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7",
            "parameters": {
              "effect": {
                "value": "[parameters('metricAlertsInBatchAccountMonitoringEffect')]"
              },
              "metricName": {
                "value": "PoolDeleteCompleteEvent"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInBatchAccountMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]"
              },
              "requiredRetentionDays": {
                "value": "[parameters('diagnosticsLogsInBatchAccountRetentionDays')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "encryptionOfAutomationAccountMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
            "parameters": {
              "effect": {
                "value": "[parameters('encryptionOfAutomationAccountMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diagnosticsLogsInAppServiceMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac",
            "parameters": {
              "effect": {
                "value": "[parameters('diagnosticsLogsInAppServiceMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "sqlEncryptionMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16",
            "parameters": {
              "effect": {
                "value": "[parameters('sqlEncryptionMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "sqlAuditingMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d",
            "parameters": {
              "effect": {
                "value": "[parameters('sqlAuditingMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "systemUpdatesMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
            "parameters": {
              "effect": {
                "value": "[parameters('systemUpdatesMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "storageEncryptionMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759",
            "parameters": {
              "effect": {
                "value": "[parameters('storageEncryptionMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "jitNetworkAccessMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c",
            "parameters": {
              "effect": {
                "value": "[parameters('jitNetworkAccessMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
            "parameters": {
              "effect": {
                "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "networkSecurityGroupsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed",
            "parameters": {
              "effect": {
                "value": "[parameters('networkSecurityGroupsMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "systemConfigurationsMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
            "parameters": {
              "effect": {
                "value": "[parameters('systemConfigurationsMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "endpointProtectionMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
            "parameters": {
              "effect": {
                "value": "[parameters('endpointProtectionMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "diskEncryptionMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
            "parameters": {
              "effect": {
                "value": "[parameters('diskEncryptionMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "vulnerabilityAssesmentMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c",
            "parameters": {
              "effect": {
                "value": "[parameters('vulnerabilityAssesmentMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "webApplicationFirewallMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6",
            "parameters": {
              "effect": {
                "value": "[parameters('webApplicationFirewallMonitoringEffect')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "nextGenerationFirewallMonitoring",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6",
            "parameters": {
              "effect": {
                "value": "[parameters('nextGenerationFirewallMonitoringEffect')]"
              }
            }
          }
        ]
      },
      "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
      "type": "Microsoft.Authorization/policySetDefinitions",
      "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
    },
    {
      "properties": {
        "displayName": "[Preview]: Enable Azure Monitor for VMs",
        "policyType": "BuiltIn",
        "description": "Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analyt
ics workspace as parameter.",
        "metadata": {
          "category": "Monitoring"
        },
        "parameters": {
          "logAnalytics_1": {
            "type": "String",
            "metadata": {
              "displayName": "Log Analytics workspace",
              "description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'L
og Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
              "strongType": "omsWorkspace"
            }
          }
        },
        "policyDefinitions": [
          {
            "policyDefinitionReferenceId": "LogAnalyticsExtension_Windows_VM_Deploy",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c",
            "parameters": {
              "logAnalytics": {
                "value": "[parameters('logAnalytics_1')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "LogAnalyticsExtension_Linux_VM_Deploy",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77",
            "parameters": {
              "logAnalytics": {
                "value": "[parameters('logAnalytics_1')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "DependencyAgentExtension_Windows_VM_Deploy",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04",
            "parameters": {}
          },
          {
            "policyDefinitionReferenceId": "DependencyAgentExtension_Linux_VM_Deploy",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee",
            "parameters": {}
          },
          {
            "policyDefinitionReferenceId": "LogAnalytics_OSImage_Audit",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50",
            "parameters": {}
          },
          {
            "policyDefinitionReferenceId": "DependencyAgent_OSImage_Audit",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07",
            "parameters": {}
          }
        ]
      },
      "id": "/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a",
      "type": "Microsoft.Authorization/policySetDefinitions",
      "name": "55f3eceb-5573-4f18-9695-226972c6d74a"
    },
    {
      "properties": {
        "displayName": "[Preview]: Enable Data Protection Suite",
        "policyType": "BuiltIn",
        "description": "Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.",
        "metadata": {
          "category": "Security Center"
        },
        "parameters": {},
        "policyDefinitions": [
          {
            "policyDefinitionReferenceId": "deployThreatDetectionOnSqlServers",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5",
            "parameters": {}
          }
        ]
      },
      "id": "/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97",
      "type": "Microsoft.Authorization/policySetDefinitions",
      "name": "9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"
    },
    {
      "properties": {
        "displayName": "Initiative 1",
        "policyType": "Custom",
        "metadata": {
          "parameterScopes": {
            "effect": "/subscriptions/5cd20112-b6fc-4d19-a3b9-d60c566107d4"
          }
        },
        "parameters": {
          "EFFECT_1": {
            "type": "String",
            "metadata": {
              "displayName": "Effect"
            },
            "allowedValues": [
              "Audit"
            ]
          }
        },
        "policyDefinitions": [
          {
            "policyDefinitionReferenceId": "8044870099827093134",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
            "parameters": {}
          },
          {
            "policyDefinitionReferenceId": "14925110761776151115",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d",
            "parameters": {
              "effect": {
                "value": "[parameters('EFFECT_1')]"
              }
            }
          },
          {
            "policyDefinitionReferenceId": "12223381465296770942",
            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
            "parameters": {
              "effect": {
                "value": "[parameters('EFFECT_1')]"
              }
            }
          }
        ]
      },
      "id": "/subscriptions/5cd20112-b6fc-4d19-a3b9-d60c566107d4/providers/Microsoft.Authorization/policySetDefinitions/ba1d69c0-2cae-4e69-aafe-49349f848093",
      "type": "Microsoft.Authorization/policySetDefinitions",
      "name": "ba1d69c0-2cae-4e69-aafe-49349f848093"
    }
  ]
}




Name                  : 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
ResourceId            : /providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8
ResourceName          : 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
ResourceType          : Microsoft.Authorization/policySetDefinitions
Properties            : @{displayName=[Preview]: Enable Monitoring in Azure Security Center; policyType=BuiltIn; description=Monitor all the available security 
                        recommendations in Azure Security Center. This is the default policy for Azure Security Center.; metadata=; parameters=; 
                        policyDefinitions=System.Object[]}
PolicySetDefinitionId : /providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8

Name                  : 55f3eceb-5573-4f18-9695-226972c6d74a
ResourceId            : /providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a
ResourceName          : 55f3eceb-5573-4f18-9695-226972c6d74a
ResourceType          : Microsoft.Authorization/policySetDefinitions
Properties            : @{displayName=[Preview]: Enable Azure Monitor for VMs; policyType=BuiltIn; description=Enable Azure Monitor for the Virtual Machines (VMs) in 
                        the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.; metadata=; parameters=; 
                        policyDefinitions=System.Object[]}
PolicySetDefinitionId : /providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a

Name                  : 9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97
ResourceId            : /providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97
ResourceName          : 9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97
ResourceType          : Microsoft.Authorization/policySetDefinitions
Properties            : @{displayName=[Preview]: Enable Data Protection Suite; policyType=BuiltIn; description=Enable data protection for SQL servers. This 
                        initiative is assigned automatically by Azure Security Center Standard Tier.; metadata=; parameters=; policyDefinitions=System.Object[]}
PolicySetDefinitionId : /providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97

Name                  : ba1d69c0-2cae-4e69-aafe-49349f848093
ResourceId            : /subscriptions/5cd20112-b6fc-4d19-a3b9-d60c566107d4/providers/Microsoft.Authorization/policySetDefinitions/ba1d69c0-2cae-4e69-aafe-49349f84809
                        3
ResourceName          : ba1d69c0-2cae-4e69-aafe-49349f848093
ResourceType          : Microsoft.Authorization/policySetDefinitions
SubscriptionId        : 5cd20112-b6fc-4d19-a3b9-d60c566107d4
Properties            : @{displayName=Initiative 1; policyType=Custom; metadata=; parameters=; policyDefinitions=System.Object[]}
PolicySetDefinitionId : /subscriptions/5cd20112-b6fc-4d19-a3b9-d60c566107d4/providers/Microsoft.Authorization/policySetDefinitions/ba1d69c0-2cae-4e69-aafe-49349f84809
                        3

DEBUG: AzureQoSEvent: CommandName - Get-AzPolicySetDefinition; IsSuccess - True; Duration - 00:00:08.5679097; Exception - ;
DEBUG: Finish sending metric.
DEBUG: 7:54:54 PM - GetAzurePolicySetDefinitionCmdlet end processing.
DEBUG: 7:54:54 PM - GetAzurePolicySetDefinitionCmdlet end processing.

@markcowl
Copy link
Member

@CHDAFNI-MSFT I believe the issue is that the cmdlet should have returned only the last policy set definition, is that correct?

@markcowl markcowl added the Policy Azure Resource Policy label Oct 12, 2018
@markcowl markcowl added the Service Attention This issue is responsible by Azure service team. label Oct 12, 2018
@markcowl
Copy link
Member

@Tiano2017 Can you take a look?

@CHDAFNI-MSFT
Copy link
Author

@markcowl incorrect. by using the flag '-Custom', it should have only returned 'custom' policies. However it returns both 'custom' and 'builtin'. See attached screenshot.
mag_az_policysetdefinition

"@CHDAFNI-MSFT I believe the issue is that the cmdlet should have returned only the last policy set definition, is that correct?"

@CHDAFNI-MSFT
Copy link
Author

@Tiano2017 @markcowl poke poke

mentat9 added a commit to mentat9/azure-powershell that referenced this issue Jan 12, 2019
mentat9 added a commit to mentat9/azure-powershell that referenced this issue Jan 16, 2019
mentat9 added a commit to mentat9/azure-powershell that referenced this issue Jan 16, 2019
Add/update tests for Azure#7522 and Azure#5747
maddieclayton pushed a commit that referenced this issue Jan 18, 2019
@azcloudfarmer
Copy link

This issue has been fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Policy Azure Resource Policy Service Attention This issue is responsible by Azure service team.
Projects
None yet
Development

No branches or pull requests

4 participants