diff --git a/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyAssignment.cs b/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyAssignment.cs
index d5b7151f29c9..a2ba43236975 100644
--- a/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyAssignment.cs
+++ b/src/Resources/ResourceManager/Implementation/Policy/GetAzurePolicyAssignment.cs
@@ -169,7 +169,7 @@ private bool IsResourceGet(string resourceId)
 ///
 private string GetResourceId()
 {
- return this.Id ?? this.MakePolicyAssignmentId(this.Scope ?? $"/{Constants.Subscriptions}/{DefaultContext.Subscription.Id}", this.Name);
+ return this.Id ?? this.MakePolicyAssignmentId(this.Scope, this.Name);
 }
 private string GetFilterParam(string resourceId)
diff --git a/src/Resources/ResourceManager/Implementation/Policy/NewAzurePolicyAssignment.cs b/src/Resources/ResourceManager/Implementation/Policy/NewAzurePolicyAssignment.cs
index daf63b194a0d..c1b7a17ab53a 100644
--- a/src/Resources/ResourceManager/Implementation/Policy/NewAzurePolicyAssignment.cs
+++ b/src/Resources/ResourceManager/Implementation/Policy/NewAzurePolicyAssignment.cs
@@ -44,7 +44,7 @@ public class NewAzurePolicyAssignmentCmdlet : PolicyCmdletBase, IDynamicParamete
 ///
 /// Gets or sets the policy assignment scope parameter
 ///
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.NewPolicyAssignmentScopeHelp)]
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.NewPolicyAssignmentScopeHelp)]
 [ValidateNotNullOrEmpty]
 public string Scope { get; set; }
diff --git a/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs b/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs
index 94b6542a599f..1e52700147cf 100644
--- a/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs
+++ b/src/Resources/ResourceManager/Implementation/Policy/PolicyCmdletBase.cs
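Review bot: With `Mandatory = false` on `Scope` in NewAzurePolicyAssignment.cs, omitting `-Scope` now assigns the policy to whatever subscription is current in the session, and nothing in this hunk tells the operator which scope was chosen; the Remove- and Set-AzPolicyAssignment hunks later in this diff have the same gap. For cmdlets that create, change or delete a governance control, a stale or unexpected context makes it easy to act on the wrong subscription, so the resolved scope should be surfaced where the default is applied, for example `WriteVerbose($"-Scope not specified; using {scope}")`, and in the confirmation target if these cmdlets call ShouldProcess (not visible here). The property's doc comment should also state the default: `/// Gets or sets the policy assignment scope parameter. Defaults to the current subscription when omitted.` The class body continues outside the hunk.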
@@ -165,7 +165,7 @@ protected JArray GetArrayFromParameter(string parameter, string parameterName)
 protected string MakePolicyAssignmentId(string scope, string resourceName)
 {
 return ResourceIdUtility.GetResourceId(
- resourceId: scope,
+ resourceId: scope ?? $"/{Constants.Subscriptions}/{DefaultContext.Subscription.Id}",
 extensionResourceType: Constants.MicrosoftAuthorizationPolicyAssignmentType,
 extensionResourceName: resourceName);
 }
diff --git a/src/Resources/ResourceManager/Implementation/Policy/PolicyHelpStrings.cs b/src/Resources/ResourceManager/Implementation/Policy/PolicyHelpStrings.cs
index d00a6a8ca38c..619a1dc69b0c 100644
--- a/src/Resources/ResourceManager/Implementation/Policy/PolicyHelpStrings.cs
+++ b/src/Resources/ResourceManager/Implementation/Policy/PolicyHelpStrings.cs
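Review bot: The new fallback in `MakePolicyAssignmentId` dereferences `DefaultContext.Subscription.Id` without a null check, so a session whose context has no subscription selected would presumably fail with a NullReferenceException rather than a message telling the user to pass `-Scope`. Because three cmdlets in this diff no longer require `-Scope`, this path is now reachable from plain `-Name` calls. Guard it before building the id, e.g. `if (scope == null && DefaultContext?.Subscription == null) throw new InvalidOperationException("No subscription in the current context; specify -Scope.");`. Note also that `??` only covers null: an empty string from an internal caller still reaches `GetResourceId` unchanged, so `string.IsNullOrEmpty(scope)` would be the safer test.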
@@ -20,13 +20,13 @@ public static class PolicyHelpStrings
 /// Policy assignment cmdlet parameter help strings
 ///
 public const string GetPolicyAssignmentNameHelp = "The name of the policy assignment to get.";
- public const string GetPolicyAssignmentScopeHelp = "The scope of the policy assignment to get, e.g. /providers/managementGroups/{managementGroupName}.";
+ public const string GetPolicyAssignmentScopeHelp = "The scope of the policy assignment to get, e.g. /providers/managementGroups/{managementGroupName}, defaults to current subscription.";
 public const string GetPolicyAssignmentIdHelp = "The fully qualified policy assignment ID to get, including the scope, e.g. /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}.";
 public const string GetPolicyDefinitionFilterHelp = "Limits the list of returned policy assignments to those assigning the policy definition identified by this fully qualified Id.";
 public const string GetPolicyAssignmentIncludeDescendentsHelp = "Causes the list of returned policy assignments to include all assignments related to the given scope, including those from ancestor scopes and those from descendent scopes.";
 public const string GetPolicyAssignmentDoesNothingHelp = "This parameter is ignored if provided with -Name or -Id parameters.";
 public const string NewPolicyAssignmentNameHelp = "The name of the new policy assignment.";
- public const string NewPolicyAssignmentScopeHelp = "The scope of the new policy assignment, e.g. /providers/managementGroups/{managementGroupName}.";
+ public const string NewPolicyAssignmentScopeHelp = "The scope of the new policy assignment, e.g. /providers/managementGroups/{managementGroupName}, defaults to current subscription.";
 public const string NewPolicyAssignmentNotScopesHelp = "The not scopes for the new policy assignment.";
 public const string NewPolicyAssignmentDisplayNameHelp = "The display name for the new policy assignment.";
 public const string NewPolicyAssignmentDescriptionHelp = "The description for the new policy assignment.";
@@ -38,10 +38,10 @@ public static class PolicyHelpStrings
 public const string NewPolicyAssignmentEnforcementModeHelp = "The enforcement mode for the new policy assignment, e.g. Default, DoNotEnforce. It indicates whether a policy effect will be enforced or not during assignment creation and update. Please visit https://aka.ms/azure-policyAssignment-enforcement-mode for more information.";
 public const string NewPolicyAssignmentSkuHelp = "A hash table which specifies sku properties. This parameter is deprecated and ignored.";
 public const string RemovePolicyAssignmentNameHelp = "The name of the policy assignment to delete.";
- public const string RemovePolicyAssignmentScopeHelp = "The scope of the policy assignment to delete, e.g. /providers/managementGroups/{managementGroupName}.";
+ public const string RemovePolicyAssignmentScopeHelp = "The scope of the policy assignment to delete, e.g. /providers/managementGroups/{managementGroupName}, defaults to current subscription.";
 public const string RemovePolicyAssignmentIdHelp = "The fully qualified policy assignment ID to delete, including the scope, e.g. /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}.";
 public const string SetPolicyAssignmentNameHelp = "The name of the policy assignment to update.";
- public const string SetPolicyAssignmentScopeHelp = "The scope of the policy assignment to update, e.g. /providers/managementGroups/{managementGroupName}.";
+ public const string SetPolicyAssignmentScopeHelp = "The scope of the policy assignment to update, e.g. /providers/managementGroups/{managementGroupName}, defaults to current subscription.";
 public const string SetPolicyAssignmentNotScopesHelp = "The not scopes of the updated policy assignment.";
 public const string SetPolicyAssignmentIdHelp = "The fully qualified ID of the policy assignment to update, including the scope, e.g. /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}.";
 public const string SetPolicyAssignmentDisplayNameHelp = "The display name of the updated policy assignment";
diff --git a/src/Resources/ResourceManager/Implementation/Policy/RemoveAzurePolicyAssignment.cs b/src/Resources/ResourceManager/Implementation/Policy/RemoveAzurePolicyAssignment.cs
index cf140e36be80..8faf53074802 100644
--- a/src/Resources/ResourceManager/Implementation/Policy/RemoveAzurePolicyAssignment.cs
+++ b/src/Resources/ResourceManager/Implementation/Policy/RemoveAzurePolicyAssignment.cs
@@ -34,7 +34,7 @@ public class RemoveAzurePolicyAssignmentCmdlet : PolicyCmdletBase
 ///
 /// Gets or sets the policy assignment scope parameter.
 ///
- [Parameter(ParameterSetName = PolicyCmdletBase.NameParameterSet, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.RemovePolicyAssignmentScopeHelp)]
+ [Parameter(ParameterSetName = PolicyCmdletBase.NameParameterSet, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.RemovePolicyAssignmentScopeHelp)]
 [ValidateNotNullOrEmpty]
 public string Scope { get; set; }
diff --git a/src/Resources/ResourceManager/Implementation/Policy/SetAzurePolicyAssignment.cs b/src/Resources/ResourceManager/Implementation/Policy/SetAzurePolicyAssignment.cs
index 718418fbabba..82f9ebd193ec 100644
--- a/src/Resources/ResourceManager/Implementation/Policy/SetAzurePolicyAssignment.cs
+++ b/src/Resources/ResourceManager/Implementation/Policy/SetAzurePolicyAssignment.cs
@@ -44,9 +44,9 @@ public class SetAzurePolicyAssignmentCmdlet : PolicyCmdletBase
 ///
 /// Gets or sets the policy assignment scope parameter.
 ///
- [Parameter(ParameterSetName = PolicyCmdletBase.NameParameterSet, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.SetPolicyAssignmentScopeHelp)]
- [Parameter(ParameterSetName = PolicyCmdletBase.PolicyParameterNameObjectParameterSet, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.SetPolicyAssignmentPolicyParameterObjectHelp)]
- [Parameter(ParameterSetName = PolicyCmdletBase.PolicyParameterNameStringParameterSet, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.SetPolicyParameterHelp)]
+ [Parameter(ParameterSetName = PolicyCmdletBase.NameParameterSet, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.SetPolicyAssignmentScopeHelp)]
+ [Parameter(ParameterSetName = PolicyCmdletBase.PolicyParameterNameObjectParameterSet, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.SetPolicyAssignmentPolicyParameterObjectHelp)]
+ [Parameter(ParameterSetName = PolicyCmdletBase.PolicyParameterNameStringParameterSet, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.SetPolicyParameterHelp)]
 [ValidateNotNullOrEmpty]
 public string Scope { get; set; }
diff --git a/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1 b/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1
index a8958c3fe0f8..b633eedeceff 100644
--- a/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1
+++ b/src/Resources/Resources.Test/ScenarioTests/PolicyTests.ps1
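Review bot: On the rewritten `Scope` attributes for `PolicyParameterNameObjectParameterSet` and `PolicyParameterNameStringParameterSet`, `HelpMessage` still points at `PolicyHelpStrings.SetPolicyAssignmentPolicyParameterObjectHelp` and `PolicyHelpStrings.SetPolicyParameterHelp`, which by their names describe the policy-parameter arguments rather than the scope. As a result the "defaults to current subscription" text this commit adds to `SetPolicyAssignmentScopeHelp` is shown only for `NameParameterSet`, and users of the other two sets get no hint that omitting `-Scope` targets the current subscription. Since these lines are being touched anyway, use `HelpMessage = PolicyHelpStrings.SetPolicyAssignmentScopeHelp` on all three attributes. The class body continues outside the hunk.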
@@ -1214,7 +1214,7 @@ function Test-NewPolicyAssignmentParameters
 Assert-ThrowsContains { New-AzPolicyAssignment } $missingParameters
 # validate parameter combinations starting with -Name
- Assert-ThrowsContains { New-AzPolicyAssignment -Name $someName } $missingParameters
+ Assert-ThrowsContains { New-AzPolicyAssignment -Name $someName } $invalidRequestContent
 Assert-ThrowsContains { New-AzPolicyAssignment -Name $someName -Scope $goodScope } $invalidRequestContent
 Assert-ThrowsContains { New-AzPolicyAssignment -Name $someName -Scope $someScope -PolicyDefinition $goodPolicyDefinition } $missingSubscription
 Assert-ThrowsContains { New-AzPolicyAssignment -Name $someName -Scope $someScope -PolicyDefinition $goodPolicyDefinition -PolicySetDefinition $goodPolicySetDefinition } $onlyDefinitionOrSetDefinition
@@ -1245,7 +1245,8 @@ function Test-RemovePolicyAssignmentParameters
 Assert-ThrowsContains { Remove-AzPolicyAssignment } $missingParameters
 # validate parameter combinations starting with -Name
- Assert-ThrowsContains { Remove-AzPolicyAssignment -Name $someName } $missingParameters
+ $ok = Remove-AzPolicyAssignment -Name $someName
+ Assert-AreEqual True $ok
 $ok = Remove-AzPolicyAssignment -Name $someName -Scope $goodScope
 Assert-AreEqual True $ok
 Assert-ThrowsContains { Remove-AzPolicyAssignment -Name $someName -Id $someId } $parameterSetError
@@ -1277,17 +1278,17 @@ function Test-SetPolicyAssignmentParameters
 Assert-ThrowsContains { Set-AzPolicyAssignment } $missingParameters
 # validate parameter combinations starting with -Name
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName } $missingParameters
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName } $policyAssignmentNotFound
 Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Scope $goodScope } $policyAssignmentNotFound
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -NotScope $someNotScope } $missingParameters
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -NotScope $someNotScope } $policyAssignmentNotFound
 Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Id $someId } $parameterSetError
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -DisplayName $someDisplayName } $missingParameters
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Description $description } $missingParameters
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Metadata $metadata } $missingParameters
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -PolicyParameterObject $someParameterObject } $missingParameters
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -PolicyParameter $someParameters } $missingParameters
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -AssignIdentity } $missingParameters
- Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Location $someLocation } $missingParameters
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -DisplayName $someDisplayName } $policyAssignmentNotFound
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Description $description } $policyAssignmentNotFound
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Metadata $metadata } $policyAssignmentNotFound
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -PolicyParameterObject $someParameterObject } $policyAssignmentNotFound
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -PolicyParameter $someParameters } $policyAssignmentNotFound
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -AssignIdentity } $policyAssignmentNotFound
+ Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Location $someLocation } $policyAssignmentNotFound
 Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Scope $someScope -NotScope $someNotScope } $missingSubscription
 Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Scope $someScope -Id $someId } $parameterSetError
 Assert-ThrowsContains { Set-AzPolicyAssignment -Name $someName -Scope $someScope -DisplayName $someDisplayName } $missingSubscription
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestNewPolicyAssignmentParameters.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestNewPolicyAssignmentParameters.json
index 25cbd6d47bc2..12a6094e8d4b 100644
--- a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestNewPolicyAssignmentParameters.json
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestNewPolicyAssignmentParameters.json
@@ -1,14 +1,14 @@ { "Entries": [ { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policydefinitions?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policydefinitions?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -28,16 +28,16 @@ "Accept-Encoding" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11999" ], "x-ms-request-id": [ - "westus:9921e990-dc23-42a6-9d63-adcd8103b32e" + "westus:56ec6a02-8b25-46e9-b83c-397422299c08" ], "x-ms-correlation-request-id": [ - "11740ee3-32cb-4aaf-a6d8-f7d945327cfd" + "2a328df4-72e8-49fb-a0e0-63b5b88406aa" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223912Z:11740ee3-32cb-4aaf-a6d8-f7d945327cfd" + "WESTUS:20200109T013452Z:2a328df4-72e8-49fb-a0e0-63b5b88406aa" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -46,10 +46,10 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:39:12 GMT" + "Thu, 09 Jan 2020 01:34:51 GMT" ], "Content-Length": [ - "1644229" + "1748901" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,18 +61,18 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0004bbf0-5099-4179-869e-e9ffe5fb0945\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. 
To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. 
Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"00379355-8932-4b52-b63a-3bc6daf3451a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1142 - Security Assessment And Authorization Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01524fa8-4555-48ce-ba5f-c3b8dcef5147\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1099 - Security Training Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01910bab-8639-4bd0-84ef-cc53b24d79ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": 
\"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01f7726b-db54-45c2-bcb5-9bd7a43796ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1709 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"025992d6-7fee-4137-9bbf-2ffc39c0686c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1052 - Session Lock\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": 
\"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"027cae1c-ec3e-4492-9036-4168d540c42a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1034 - Least Privilege\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02a5ed00-6d2e-4e97-9a98-46c32c057329\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which the remote host connection status does not match the specified one\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its 
corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which the remote host connection status does not match the specified one. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsRemoteConnection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02a84be7-c304-421f-9bb7-5d2c26af54ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1623 - Boundary Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02ce1b22-412a-4528-8630-c42146f917ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1515 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02dd141a-a2b2-49a7-bcbd-ca31142f6211\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1327 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": 
{\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03188d8f-1ae5-4fe1-974d-2d7d32ef937d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03752212-103c-4ab8-a306-7e813022ca9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level Adjustment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03996055-37a4-45a5-8b70-3f1caa45f87d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03ad326e-d7a1-44b1-9a76-e17492efc9e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1227 - Information System 
Component Inventory | Automated Unauthorized Component Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03b78f5e-4877-4303-b0f4-eb6583f25768\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1361 - Incident Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03ed3be1-7276-4452-9a5d-e4168565ac67\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1594 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"042ba2a1-8bb8-45f4-b080-c78cf62b90e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL managed instance TDE protector should be encrypted with your own key\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Transparent Data Encryption (TDE) with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.Sql/managedInstances/encryptionProtector\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType\",\r\n \"equals\": \"AzureKeyVault\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"048248b0-55cd-46da-b1ff-39efd52db260\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Network traffic data collection agent should be installed on Linux virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Security Center uses the Microsoft Monitoring Dependency Agent to collect network traffic data from your Azure virtual machines to enable advanced network protection features such as traffic visualization on the network map, network hardening recommendations and specific network threats.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"preview\": \"true\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable Dependency Agent for Linux VMs monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n \"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04c4380f-3fae-46e8-96c9-30193528f602\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Service Bus to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Service Bus to stream to a regional Log Analytics workspace when any Service Bus which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n 
\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationalLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n 
\"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04d53d87-841c-4f23-8a5b-21564380b55e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1572 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', 
parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1331 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05460fe2-301f-4ed1-8174-d62c8bb92ff4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Ensure that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. 
This email address receives scan result summary after a periodic scan runs on SQL servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/vulnerabilityAssessments\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Azure Data Lake Store should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1223 - Information System Component Inventory\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05a289ce-6a20-4b75-a0f3-dc8601b6acd0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1420 - Maintenance Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05ae08cc-a282-413b-90c7-21a2c60b8404\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1658 - Secure Name / Address Resolution Service (Recursive Or Caching Resolver)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"063b540e-4bdc-4e7a-a569-3a42ddf22098\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1688 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"063c3f09-e0f0-4587-8fd5-f4276fae675f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"068260be-a5e6-4b0a-a430-cd27071c226a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1455 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"068a88d4-e520-434e-baf0-9005a8164e6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": 
\"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1366 - Incident Handling | Information Correlation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06c45c30-ae44-4f0f-82be-41331da911cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated Proxy Servers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"07557aa0-e02f-4460-9a81-8ecd2fed601a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Function Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. 
Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n 
},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1583 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0882d488-8e80-4466-bc0f-0cd15b6cb66d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Search Services to stream to a regional Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n 
\"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Search/searchServices/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08ba64b8-738f-4918-9686-730d2ed79c7d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network Security Group Rules for Internet facing virtual machines should be 
hardened\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential attack surface\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"adaptiveNetworkHardenings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"There should be more than one owner assigned to your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": 
[\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1159 - Security Authorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0925f098-7877-450b-8ba4-d1e55f2d8795\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1302 - Identification And Authentication (Org. 
Users) | Network Access To Non-Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09828c65-e323-422b-9774-9d5c646124da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Configure backup on VMs of a location to an existing central Vault in the same location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy configures Azure Backup protection on VMs in a given location to an existing central vault in the same location. It applies to only those VMs that are not already configured for backup. It is recommended that this policy is assigned to not more than 200 VMs. If the policy is assigned for more than 200 VMs, it can result in the backup getting triggered a few hours beyond the defined schedule. This policy will be enhanced to support more VM images.\",\r\n \"metadata\": {\r\n \"category\": \"Backup\"\r\n },\r\n \"parameters\": {\r\n \"vaultLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Location (Specify the location of the VMs that you want to protect)\",\r\n \"description\": \"Specify the location of the VMs that you want to protect. 
VMs should be backed up to a vault in the same location.\\nFor example - southeastasia\",\r\n \"strongType\": \"location\"\r\n }\r\n },\r\n \"backupPolicyId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Backup Policy (of type Azure VM from a vault in the location chosen above)\",\r\n \"description\": \"Specify the id of the Azure backup policy to configure backup of the virtual machines. The selected Azure backup policy should be of type Azure virtual machine. This policy needs to be in a vault that is present in the location chosen above.\\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"auditIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vaultLocation')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\",\r\n 
\"/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b\"\r\n ],\r\n \"type\": \"Microsoft.RecoveryServices/backupprotecteditems\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"type\": \"String\"\r\n },\r\n \"fabricName\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectionContainers\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectedItems\": {\r\n \"type\": \"String\"\r\n },\r\n \"sourceResourceId\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[concat('DeployProtection-',uniqueString(parameters('protectedItems')))]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[first(skip(split(parameters('backupPolicyId'), '/'), 4))]\",\r\n \"subscriptionId\": \"[first(skip(split(parameters('backupPolicyId'), '/'), 2))]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"type\": \"String\"\r\n },\r\n \"fabricName\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectionContainers\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectedItems\": {\r\n \"type\": \"String\"\r\n },\r\n \"sourceResourceId\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems\",\r\n \"name\": \"[concat(first(skip(split(parameters('backupPolicyId'), '/'), 8)), '/', parameters('fabricName'), '/',parameters('protectionContainers'), '/', parameters('protectedItems'))]\",\r\n \"apiVersion\": \"2016-06-01\",\r\n 
\"properties\": {\r\n \"protectedItemType\": \"Microsoft.Compute/virtualMachines\",\r\n \"policyId\": \"[parameters('backupPolicyId')]\",\r\n \"sourceResourceId\": \"[parameters('sourceResourceId')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"value\": \"[parameters('backupPolicyId')]\"\r\n },\r\n \"fabricName\": {\r\n \"value\": \"[parameters('fabricName')]\"\r\n },\r\n \"protectionContainers\": {\r\n \"value\": \"[parameters('protectionContainers')]\"\r\n },\r\n \"protectedItems\": {\r\n \"value\": \"[parameters('protectedItems')]\"\r\n },\r\n \"sourceResourceId\": {\r\n \"value\": \"[parameters('sourceResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"value\": \"[parameters('backupPolicyId')]\"\r\n },\r\n \"fabricName\": {\r\n \"value\": \"Azure\"\r\n },\r\n \"protectionContainers\": {\r\n \"value\": \"[concat('iaasvmcontainer;iaasvmcontainerv2;', resourceGroup().name, ';' ,field('name'))]\"\r\n },\r\n \"protectedItems\": {\r\n \"value\": \"[concat('vm;iaasvmcontainerv2;', resourceGroup().name, ';' ,field('name'))]\"\r\n },\r\n \"sourceResourceId\": {\r\n \"value\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09ce66bc-1220-4153-8104-e3f51c936913\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1654 - Voice Over Internet Protocol\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a2ee16e-ab1f-414a-800b-d1608835862b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a560d32-8075-4fec-9615-9f7c853f4ea9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1428 - Media Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a77fcc7-b8d8-451a-ab52-56197913c0c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Account Management'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Management'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. 
This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesAccountManagement\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), 
'/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a9991e6-21be-49f9-8916-a06d934bcf29\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1044 - Unsuccessful Logon Attempts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0abbac52-57cf-450d-8408-1208d0dd9e90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0afce0b3-dd9f-42bb-af28-1e4284ba8311\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notification to subscription owner for high severity alerts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enable emailing security alerts to the subscription owner, in order to have them receive security alert emails from Microsoft. 
This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/alertsToAdmins\",\r\n \"notEquals\": \"Off\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b15565f-aa9e-48ba-8619-45960f2c314d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b1aa965-7502-41f9-92be-3e2fe7cc392a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1020 - Account Management | Role-Based Schemes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b291ee8-3140-4cad-beb7-568c077c78ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Key Vault objects should be recoverable\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits if key vault objects are not recoverable. Soft Delete feature helps to effectively hold the resources for a given retention period (90 days) even after a DELETE operation, while giving the appearance that the object is deleted. When 'Purge protection' is on, a vault or an object in deleted state cannot be purged until the retention period of 90 days has passed. 
These vaults and objects can still be recovered, assuring customers that the retention policy will be followed.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enableSoftDelete\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enablePurgeProtection\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enableSoftDelete\",\r\n \"equals\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enablePurgeProtection\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b653845-2ad9-4e09-a4f3-5a7c1d78353d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1239 - User-Installed Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0be51298-f643-4556-88af-d7db90794879\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Client certificates allow for the app to request a certificate for incoming requests. 
Only clients that have a valid certificate will be able to reach the app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/clientCertEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1496 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"0ca96127-2f87-46ab-a4fc-0d2a786df1c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL server TDE protector should be encrypted with your own key\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Transparent Data Encryption (TDE) with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/encryptionProtector\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\r\n \"equals\": \"AzureKeyVault\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/encryptionProtector/uri\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/encryptionProtector/uri\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1518 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this 
Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d58f734-c052-40e9-8b2f-a1c2bff0b815\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity Checks\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d87c70b-5012-48e9-994b-e70dd4b8def0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1466 - Visitor Access Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d943a9c-a6f1-401f-a792-740cdb09c451\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which Windows Defender Exploit Guard is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which Windows Defender Exploit Guard is not enabled. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDefenderExploitGuard\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Managed identity should be used in your Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n 
\"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1718 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Authorized IP ranges 
should be defined on Kubernetes Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restrict access to the Kubernetes Service Management API by granting API access only to IP addresses in specific ranges. It is recommended to limit access to authorized IP ranges to ensure that only applications from allowed networks can access the cluster.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/apiServerAuthorizedIPRanges\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Remote debugging should be turned off for Function Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. 
Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.remoteDebuggingEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for MariaDB\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure Database for MariaDB with geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforMariaDB/servers\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec47710-77ff-4a3d-9181-6aa50af424d0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to enable Guest Configuration Policy on Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a system-assigned managed identity and deploys the VM extension for Guest Configuration on Windows VMs. This is a prerequisites for Guest Configuration Policy and must be assigned to the scope before using any Guest Configuration policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n 
\"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"AzurePolicyforWindows\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n 
\"equals\": \"Microsoft.GuestConfiguration\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"ConfigurationforWindows\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ecd903d-91e7-4726-83d3-a229d7f2e293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1601 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System 
and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1476 - Fire Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f3c4ac2-3e35-4906-a80b-473b12a622d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1204 - Access Restrictions For Change | Review System Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f4f6750-d1ab-4a4c-8dfd-af3237682665\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1430 - Media Marking\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f559588-5e53-4b14-a7c4-85d28ebc2234\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1574 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f935dab-83d6-47b8-85ef-68b8584161b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1164 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0fb8d3ce-9e96-481c-9c68-88d4e3019310\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1017 - Account Management | Inactivity Logout\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0fc3db37-e59a-48c1-84e9-1780cedb409e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1087 - Security Awareness And Training Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"100c82ba-42e9-4d44-a2ba-94b209248583\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not contain the specified 
certificates in Trusted Root\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\\\\LocalMachine\\\\Root). It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\\\LocalMachine\\\\Root). e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsCertificateInTrustedRoot\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude', '=', parameters('CertificateThumbprints')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsCertificateInTrustedRoot\"\r\n },\r\n \"CertificateThumbprints\": {\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n 
\"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"CertificateThumbprints\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"106ccbe4-a791-4f33-a44a-06796944b8d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"10984b4e-c93e-48d7-bf20-9c03b04e9eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that '.Net Framework' version is the latest, if used as a part of the Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. Using the latest .Net framework version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.netFrameworkVersion\",\r\n \"in\": [\r\n \"v3.0\",\r\n \"v4.0\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"10c1859c-e1a7-4df3-ab97-a487fa8059f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Custom subscription owner roles should not exist\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that no custom subscription owner roles exist.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/permissions.actions[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/assignableScopes[*]\",\r\n \"notIn\": [\r\n \"[concat(subscription().id,'/')]\",\r\n \"[subscription().id]\",\r\n \"/\"\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/assignableScopes[*]\",\r\n \"notLike\": \"/providers/Microsoft.Management/*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1230 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11158848-f679-4e9b-aa7b-9fb07d945071\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1432 - Media Storage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1140e542-b80d-4048-af45-3f7245be274b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: 
Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n 
\"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n 
\"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n \"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": 
\"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1655 - Voice Over Internet Protocol\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"121eab72-390e-4629-a7e2-6d6184f57c6b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12623e7e-4736-4b2e-b776-c1600f35f93a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1240 - User-Installed Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"129eb39f-d79a-4503-84cd-92f036b5e429\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - System objects'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System objects'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsSystemobjects\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": 
\"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12ae2d24-3805-4b37-9fa9-465968bfbcfa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1666 - System And Information Integrity Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12e30ee3-61e6-4509-8302-a871e8ebb91e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[InstalledApplication]bwhitelistedapp;Name', '=', parameters('installedApplication')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": 
\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1347 - Identification And Authentication (Non-Org. Users) | Acceptance Of PIV Creds. 
From Other Agys.\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"131a2706-61e9-4916-a164-00e052056462\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1450 - Physical Access Authorizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"134d7a13-ba3e-41e2-b236-91bfcfa24e01\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1184 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1085 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13d117e0-38b0-4bbb-aaab-563be5dd10ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1404 - Maintenance Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13d8f903-0cd6-449f-a172-50f6579c182b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13fcf812-ec82-4eda-9b89-498de9efd620\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Deploy prerequisites to audit Windows VMs in which the Administrators group contains any of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group contains any of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToExclude\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LocalGroup]AdministratorsGroup;MembersToExclude', '=', parameters('MembersToExclude')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AdministratorsGroupMembersToExclude\"\r\n },\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n 
\"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MembersToExclude\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToExclude\",\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToExclude\",\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n 
},\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"144f1397-32f9-4598-8c88-118decc3ccba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1157 - Plan Of Action And Milestones\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15495367-cf68-464c-bbc3-f53ca5227b7a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1491 - Security Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1571dd40-dafc-4ef4-8f55-16eba27efc7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1564 - System Development Life Cycle\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"157f0ef9-143f-496d-b8f9-f8c8eeaad801\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have a minimum password age of 1 day. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n 
{\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1662 - Fail In Known State\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"165cb91f-7ea8-4ab7-beaf-8636b98c9d15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1684 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16bfdb59-db38-47a5-88a9-2e9371a638cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that do not have the specified Windows PowerShell modules installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the specified Windows PowerShell modules installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPowerShellModules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16f9b37c-4408-4c30-bc17-254958f2e2d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1103 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16feeb31-6377-437e-bbab-d7f73911896d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1007 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17200329-bf6c-46d8-ac6d-abf4641c2add\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1349 - Identification And Authentication (Non-Org. 
Users) | Use Of FICAM-Approved Products\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17641f70-94cd-4a5d-a613-3d1143e20e34\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy associations for a managed application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys an association resource that associates selected resource types to the specified managed application. 
This policy deployment does not support nested resource types.\",\r\n \"metadata\": {\r\n \"category\": \"Managed Application\"\r\n },\r\n \"parameters\": {\r\n \"targetManagedApplicationId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Managed application Id\",\r\n \"description\": \"Resource ID of the managed application to which resources need to be associated.\"\r\n }\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource types to associate\",\r\n \"description\": \"The list of resource types to be associated to the managed application.\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n },\r\n \"associationNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Association name prefix\",\r\n \"description\": \"Prefix to be added to the name of the association resource being created.\"\r\n },\r\n \"defaultValue\": \"DeployedByPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('resourceTypesToAssociate')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.CustomProviders/Associations\",\r\n \"name\": \"[concat(parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"associatedResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"string\"\r\n },\r\n \"targetManagedApplicationId\": {\r\n \"type\": \"string\"\r\n },\r\n \"associationNamePrefix\": {\r\n 
\"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"resourceType\": \"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\r\n \"resourceName\": \"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[concat(deployment().Name, '-2')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"type\": \"[variables('resourceType')]\",\r\n \"name\": \"[variables('resourceName')]\",\r\n \"apiVersion\": \"2018-09-01-preview\",\r\n \"properties\": {\r\n \"targetResourceId\": \"[parameters('targetManagedApplicationId')]\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceTypesToAssociate\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"associatedResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"targetManagedApplicationId\": {\r\n \"value\": \"[parameters('targetManagedApplicationId')]\"\r\n },\r\n \"associationNamePrefix\": {\r\n \"value\": \"[parameters('associationNamePrefix')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17763ad9-70c0-4794-9397-53d765932634\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Transparent Data Encryption on SQL databases should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n 
\"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1325 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1845796a-7581-49b2-ae20-443121538e19\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1480 - Temperature And Humidity Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"18a767cc-1947-4338-a240-bc058c81164f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1369 - Incident Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"18cc35ed-a429-486d-8d59-cb47e87304ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19b9439d-865d-4474-b17d-97d2702fdb66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1071 - Wireless Access | Restrict Configurations By Users\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a437f5b-9ad6-4f28-8861-de404d511ae4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that a log profile collects logs for categories 'write,' 'delete,' and 'action'\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories[*]\",\r\n \"notEquals\": \"Write\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories[*]\",\r\n \"notEquals\": \"Delete\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories[*]\",\r\n \"notEquals\": \"Action\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a4e592a-6a6e-44a5-9814-e36264ca96e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: 
Access to App Services should be restricted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure security center has discovered that the networking configuration of some of your app services are overly permissive and allow inbound traffic from ranges that are too broad\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"restrictAccessToAppServices\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a833ff1-d297-4a0f-9944-888428f8e0ff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL managed instances\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL managed instances which do not have recurring vulnerability assessment scans enabled. 
Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/vulnerabilityAssessments\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1b7aa243-30e4-4c9e-bca8-d0d3022b634a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'PHP version' is the latest, if used as a part of the Api app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. 
Using the latest PHP version for API apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest PHP version\",\r\n \"description\": \"Latest supported PHP version for App Services\"\r\n },\r\n \"defaultValue\": \"7.3\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PHP\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PHP|', parameters('PHPLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"[parameters('PHPLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n 
\"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072\"\r\n },\r\n \"policyRule\": {\r\n 
\"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1ca29e41-34ec-4e70-aba9-6248aca18c31\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1cb067d5-c8b5-4113-a7ee-0a493633924b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d01ba6c-289f-42fd-a408-494b355b6222\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d50f99d-1356-49c0-934a-45f742ba7783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1538 - Security Categorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d7658b2-e827-49c3-a2ae-6d2bd0b45874\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Virtual machines should be migrated to new Azure Resource Manager resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachines\"\r\n ]\r\n },\r\n {\r\n \"value\": \"[field('type')]\",\r\n \"equals\": \"Microsoft.ClassicCompute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1298 - Identification And Authentication Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1dc784b5-4895-4d27-9d40-a06b032bd1ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. 
Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1595 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e0414e7-6ef5-4182-8076-aa82fbb53341\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"An Azure Active Directory administrator should be provisioned for SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. 
Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Event Hub to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": 
\"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n 
\"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.EventHub/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ArchiveLogs\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"OperationalLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AutoScaleLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"KafkaCoordinatorLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"EventHubVNetConnectionEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"CustomerManagedKeyUserLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": 
\"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f6e93e8-6b31-41b1-83f6-36e449a42579\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Shutdown'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Shutdown'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Allow system to be shut down without having to log on\",\r\n \"description\": \"Specifies whether a computer can be shut down when a user is not logged on. 
If this policy setting is enabled, the shutdown command is available on the Windows logon screen.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Clear virtual memory pagefile\",\r\n \"description\": \"Specifies whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down properly. For systems with large amounts of RAM, this could result in substantial time needed to complete the shutdown.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsShutdown\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Shutdown: Allow system to be shut down without having to log on;ExpectedValue', '=', parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'), ',', 'Shutdown: Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n 
\"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsShutdown\"\r\n },\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"value\": \"[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"value\": \"[parameters('ShutdownClearVirtualMemoryPagefile')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"type\": \"string\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Shutdown: Allow system to be shut down without having to log on;ExpectedValue\",\r\n \"value\": \"[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]\"\r\n },\r\n {\r\n \"name\": \"Shutdown: Clear virtual memory pagefile;ExpectedValue\",\r\n \"value\": \"[parameters('ShutdownClearVirtualMemoryPagefile')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": 
{\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f8c20ce-3414-4496-8b26-0e902a1541da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2006457a-48b3-4f7b-8d2e-1532287f9929\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1650 - Public Key Infrastructure Certificates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201d3740-bd16-4baf-b4b8-7cda352228b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"The NSGs rules for web applications on IaaS should be hardened\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure security center has discovered that some of your virtual machines are running web applications, and the NSGs associated to these virtual machines are overly permissive with regards to the web application ports\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n 
\"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21839937-d241-4fa5-95c6-b669253d9ab9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1111 - Response To Audit Processing Failures\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21de687c-f15e-4e51-bf8d-f35c8619965b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1596 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21e25e01-0ae0-41be-919e-04ce92b8e8b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs 
configurations in 'Security Options - Audit'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Audit'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAudit\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21e2995e-683e-497a-9e81-2f42ad07050a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1426 - Media Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21f639bc-f42b-46b1-8f40-7a2a389c291a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n 
\"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1399 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2256e638-eb23-480f-9e15-6cf1af0a76b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22589a07-0007-486a-86ca-95355081ae2a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Account Management'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Management'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"225e937e-d32e-4713-ab74-13ce95b3519a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Management ports should be closed on your virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Open remote management ports are exposing your VM to a high level of risk from Internet-based attacks. These attacks attempt to brute force credentials to gain admin access to the machine.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"restrictAccessToManagementPorts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22730e10-96f6-4aac-ad84-9383d35b5917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1493 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22b469b3-fccf-42da-aa3b-a28e6fb113ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Only secure connections to your Redis Cache should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not restrict the minimum password length to 14 characters. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n 
\"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": 
\"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"232ab24b-810b-4640-9019-74a7d0d6a980\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Service Bus should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Service Bus not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.ServiceBus/namespaces/virtualNetworkRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"235359c5-7c52-4b82-9055-01c75cf9f60e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a regional Log Analytics 
workspace when any Stream Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n 
\"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Execution\",\r\n \"enabled\": 
\"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Authoring\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1268 - Alternate Storage Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23f6e984-3053-4dfc-ab48-543b764781f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 
1122 - Audit Review, Analysis, And Reporting | Permitted Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"243ec95e-800c-49d4-ba52-1fdd9f6b8b57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1231 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"244e0c05-cc45-4fe7-bf36-42dcf01f457d\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1082 - Information Sharing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24d480ef-11a0-4b1b-8e70-4e023bf2be23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not have a maximum password age of 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have a maximum password age of 70 days. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Log Analytics workspace when any Data Lake Storage Gen1 which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n 
\"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25763a0a-5783-4f14-969e-79d4933eb74b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1372 - Incident Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25b96717-c912-4c00-9143-4e487f411726\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1038 - Least Privilege | Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": 
\"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Endpoint protection solution should be installed on virtual machine scale sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit the existence and health of an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EndpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26a828e1-e88f-464e-bbb3-c134a282b9de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1649 - Collaborative Computing Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26d292cc-b0b8-4c29-9337-68abc758bf7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Metric alert rules should be configured on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric 
name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1396 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1074 - Access Control For Mobile Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"27a69937-af92-4198-9b86-08d355c7e59a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1527 - Access Agreements\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2823de66-332f-4bfd-94a3-3eb036cd3b67\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": 
{\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": 
\"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"283a4e29-69d5-4c94-b99e-29acf003c899\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1436 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28aab8b4-74fd-4b7c-9080-5a7be525d574\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1148 - Security Assessments | Independent Assessors\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e62650-c7c2-4786-bdfa-17edc1673902\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e633fd-284e-4ea7-88b4-02ca157ed713\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"292a7c44-37fa-4c68-af7c-9d836955ded2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - User Account Control'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsUserAccountControl\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"29829ec2-489d-4925-81b7-bda06b1718e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Appends the specified tag and value when any resource which is missing this tag is created or updated. Does not modify the tags of resources created before this policy was applied until those resources are changed. Does not apply to resource groups. 
New 'modify' effect policies are available that support remediation of tags on existing resources (see https://aka.ms/modifydoc).\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a39ac75-622b-4c88-9a3f-45b7373f7ef7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1274 - Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2aee175f-cd16-4825-939a-a85349d96210\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1603 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b909c26-162f-47ce-8e15-0c1f55632eac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Managed identity should be used in your Web App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b9ad585-36bc-4615-b300-fd4435808332\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1434 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c251a55-31eb-4e53-99c6-e9c43c393ac2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1388 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1344 - Authenticator Feedback\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c895fe7-2d8e-43a2-838c-3a533a5b355e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Unattached disks should be encrypted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any unattached disk without encryption enabled.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n 
},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/disks\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/disks/diskState\",\r\n \"equals\": \"Unattached\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/disks/encryptionSettingsCollection.enabled\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/disks/encryptionSettingsCollection.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c89a2e5-7285-40fe-afe0-ae8654b92fb2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1593 - External Information System Services | Processing, Storage, And Service Location\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1546 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2ce1ea7e-4038-4e53-82f4-63e8859333c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1414 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1679 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2cf42a28-193e-41c5-98df-7688e7ef0a88\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1068 - Wireless Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d045bca-a0fd-452e-9f41-4ec33769717c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"App Service should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any App Service not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/virtualNetworkConnections\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d21331d-a4c2-4def-a9ad-ee4e1e023beb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1704 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d44b6fa-1134-4ea6-ad4e-9edb68f65429\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not store passwords using reversible encryption. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Linux VMs that allow remote connections from accounts without passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that allow remote connections from accounts without passwords. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": 
\"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n 
}\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1077 - Use Of External Information Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2dad3668-797a-412e-a798-07d3849a7a79\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1149 - Security Assessments | Specialized Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2e1b855b-a013-481a-aeeb-2bcb129fd35d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2e3c5583-1729-4d36-8771-59c32f090a22\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1000 - Access Control Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2ef3cc79-733e-48ed-ab6f-7bf439e9b406\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1519 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2f13915a-324c-4ab8-b45c-2eefeeefb098\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Network traffic data collection agent should be installed on Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Security Center uses the Microsoft Monitoring Dependency Agent to collect network traffic data from your Azure virtual machines to enable advanced network protection features such as traffic visualization on the network map, network hardening recommendations and specific network threats.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"preview\": \"true\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable Dependency Agent for Windows VMs monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2f2ee1de-44aa-4762-b6bd-0893fc3f306d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1144 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"2fa15ff1-a693-4ee4-b094-324818dc9a51\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1090 - Security Awareness Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fb740e5-cbc7-4d10-8686-d1bf826652b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Web Application should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": 
\"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OnlyHttpsForWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Network Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Access'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"30040dab-4e75-4456-8273-14b8f75d91d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that are not joined to the specified domain\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that are not joined to the specified domain. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Domain Name (FQDN)\",\r\n \"description\": \"The fully qualified domain name (FQDN) that the Windows VMs should be joined to\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDomainMembership\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[DomainMembership]WindowsDomainMembership;DomainName', '=', parameters('DomainName')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": 
{\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsDomainMembership\"\r\n },\r\n \"DomainName\": {\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"DomainName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[DomainMembership]WindowsDomainMembership;DomainName\",\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": 
\"[DomainMembership]WindowsDomainMembership;DomainName\",\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"315c850a-272d-4502-8935-b79010405970\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"31b752c1-05a9-432a-8fce-c39b56550119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is 
not installed. The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1587 - External Information System Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32820956-9c6d-4376-934c-05cd8525be7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs on which the specified services are not installed and 'Running'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines on which the specified services are not installed and 'Running'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ServiceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the services that should be installed and 'Running'. e.g. 
'WinRm;Wi*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsServiceStatus\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsServiceStatus]WindowsServiceStatus1;ServiceName', '=', parameters('ServiceName')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsServiceStatus\"\r\n },\r\n \"ServiceName\": {\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": 
\"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ServiceName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName\",\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName\",\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": 
\"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32b1e4d4-6cd5-47b4-a935-169da8a5c262\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1445 - Physical And Environmental Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32d07d59-2716-4972-b37b-214a67ac4a37\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34042a97-ec6d-4263-93d2-8c1c46823b2a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Linux VMs that have accounts without passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that have accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n 
\"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1151 - System Interconnections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1412 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3492d949-0dbb-4589-88b3-7b59601cc764\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1475 - Emergency Lighting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34a63848-30cf-4081-937e-ce1a1c885501\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1060 - Remote Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34a987fd-2003-45de-a120-014956581f2b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. 
To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Logic Apps should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1210 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3502c968-c490-4570-8167-1476f955e9b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that 
do not have a maximum password age of 70 days. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": 
\"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CORS should not allow every resource to access your API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API app. 
Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"35a4102f-a778-4a2e-98c2-971056288df8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Gateway subnets should not be configured with a network security group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy denies if a gateway subnet is configured with a network security group. Assigning a network security group to a gateway subnet will cause the gateway to stop functioning.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"GatewaySubnet\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"35f9c03a-cc27-418e-9c0c-539ff999d010\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From Executing Privileged Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"361a77f6-0f9c-4748-8eec-bc13aaaa2455\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Advanced Threat Protection on Storage Accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables Advanced Threat Protection on Storage Accounts.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/advancedThreatProtectionSettings\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/advancedThreatProtectionSettings/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"storageAccountName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": 
[\r\n {\r\n \"apiVersion\": \"2019-01-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings\",\r\n \"name\": \"[concat(parameters('storageAccountName'), '/Microsoft.Security/current')]\",\r\n \"properties\": {\r\n \"isEnabled\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"storageAccountName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"361c2074-3595-4e5d-8cab-4f21dffc835c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1313 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36220f5b-79a1-4cdb-8c74-2d2449f9a510\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1630 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": 
{\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3643717a-3897-4bfd-8530-c7c96b26b2a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Automation account variables should be encrypted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1339 - Authenticator Management | Protection Of Authenticators\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"367ae386-db7f-4167-b672-984ff86277c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1685 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"36b0ef30-366f-4b1b-8652-a3511df11f53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to 
audit Windows VMs configurations in 'Security Options - Network Security'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security: Configure encryption types allowed for Kerberos\",\r\n \"description\": \"Specifies the encryption types that Kerberos is allowed to use.\"\r\n },\r\n \"defaultValue\": \"2147483644\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LAN Manager authentication level\",\r\n \"description\": \"Specify which challenge-response authentication protocol is used for network logons. 
This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers.\"\r\n },\r\n \"defaultValue\": \"5\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LDAP client signing requirements\",\r\n \"description\": \"Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\",\r\n \"description\": \"Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers\",\r\n \"description\": \"Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). 
The SSP Interface (SSPI) is used by applications that need authentication services.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Network Security: Configure encryption types allowed for Kerberos;ExpectedValue', '=', parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos'), ',', 'Network security: LAN Manager authentication level;ExpectedValue', '=', parameters('NetworkSecurityLANManagerAuthenticationLevel'), ',', 'Network security: LDAP client signing requirements;ExpectedValue', '=', parameters('NetworkSecurityLDAPClientSigningRequirements'), ',', 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients;ExpectedValue', '=', parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'), ',', 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers;ExpectedValue', '=', parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')))]\"\r\n },\r\n \"deployment\": {\r\n 
\"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsNetworkSecurity\"\r\n },\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"value\": \"[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"value\": \"[parameters('NetworkSecurityLANManagerAuthenticationLevel')]\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"value\": \"[parameters('NetworkSecurityLDAPClientSigningRequirements')]\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Network Security: Configure encryption types allowed for Kerberos;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]\"\r\n },\r\n {\r\n \"name\": \"Network security: LAN Manager authentication level;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityLANManagerAuthenticationLevel')]\"\r\n },\r\n {\r\n \"name\": \"Network security: LDAP client signing requirements;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityLDAPClientSigningRequirements')]\"\r\n },\r\n {\r\n \"name\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) clients;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]\"\r\n },\r\n {\r\n \"name\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": 
\"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36e17963-7202-494a-80c3-f508211c826b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36fbe499-f2f2-41b6-880e-52d7ea1d94a5\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Interactive Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Interactive Logon'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsInteractiveLogon\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": 
\"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"3750712b-43d0-478e-9966-d2c26f6141b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1624 - Boundary Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37d079e3-d6aa-4263-a069-dd7ac6dd9684\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Storage accounts should be migrated to new Azure Resource Manager resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n 
],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.ClassicStorage/storageAccounts\",\r\n \"Microsoft.Storage/StorageAccounts\"\r\n ]\r\n },\r\n {\r\n \"value\": \"[field('type')]\",\r\n \"equals\": \"Microsoft.ClassicStorage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"382016f3-d4ba-4e15-9716-55077ec4dc2a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in IoT Hub should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1081 - Information Sharing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3867f2a9-23bb-4729-851f-c3ad98580caf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1522 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"38b470cc-f939-4a15-80e0-9f0c74f2e2c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"38dfd8a3-5290-4099-88b7-4081f4c4d8ae\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1397 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"391af4ab-1117-46b9-b2c7-78bbd5cd995b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"391ff8b3-afed-405e-9f7d-ef2f8168d5da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced data security settings for SQL managed instance should contain an email address to receive security alerts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Ensure that an email address is provided for the 'Send alerts to' field in the Advanced Data Security server settings. 
This email address receives alert notifications when anomalous activities are detected on SQL managed instances.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1232 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n 
},\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"396ba986-eac1-4d6d-85c4-d3fda6b78272\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1246 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"398eb61e-8111-40d5-a0c9-003df28f1753\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"FTPS only should be required in your Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/ftpsState\",\r\n \"equals\": \"FtpsOnly\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"399b2637-a50f-4f95-96f8-3a145476eb15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1680 - Malicious Code Protection | Central Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"399cd6ee-0e18-41db-9dea-cde3bd712f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"39c54140-5902-4079-8bb5-ad31936fe764\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1039 - Least Privilege | Review Of User Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1648 - Collaborative Computing Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3a9eb14b-495a-4ebb-933c-ce4ef5264e32\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1315 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3aa87116-f1a1-4edb-bfbf-14e036f8d454\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Pod Security Policies should be defined on Kubernetes Services\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Define Pod Security Policies to reduce the attack vector by removing unnecessary application privileges. It is recommended to configure Pod Security Policies to only allow pods to access the resources which they have permissions to access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3abeb944-26af-43ee-b83d-32aaf060fb94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1548 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1003 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": 
[\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b68b179-3704-4ff7-b51d-7d65374d165d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. 
In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n 
\"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n 
},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": 
\"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OsVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1621 - Resource Availability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cb9f731-744a-4691-a481-ca77b0411538\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1521 - Personnel Termination | Automated Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1127 - Time Stamps\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ce328db-aef3-48ed-9f81-2ab7cf839c66\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Deploy Diagnostic Settings for Search Services to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Search Services to stream to a regional Event Hub when any Search Services which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": 
{\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Search/searchServices/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d5da587-71bd-41f5-ac95-dd3330c2d58d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Devices'\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Devices'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsDevices\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d7b154e-2700-4c8c-9e46-cb65ac1578c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n 
\"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n 
\"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1385 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": 
\"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e495e65-8663-49ca-9b38-9f45e800bc58\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Monitor solution 'Security and Audit' must be deployed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that Security and Audit is deployed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.OperationsManagement/solutions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.OperationsManagement/solutions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"like\": \"Security(*)\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e596b57-105f-48a6-be97-03e9243bad6e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1160 - Security Authorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and 
Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e797ca6-2aa8-4333-b335-7036f1110c05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1545 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3f4b171a-a56b-4328-8112-32cf7f947ee1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1179 - Baseline Configuration | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this 
Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. 
Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1561 - Allocation Of Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40364c3f-c331-4e29-b1e3-2fbe998ba2f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Secure transfer to storage accounts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1100 - Audit And Accountability Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4057863c-ca7d-47eb-b1e0-503580cba8a4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1637 - Boundary Protection | Fail Secure\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4075bedc-c62a-4635-bede-a01be89807f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Administrative Templates - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - System'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AlwaysUseClassicLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always use classic logon\",\r\n \"description\": \"Specifies whether to force the user to log on to the computer using the classic logon screen. This setting only works when the computer is not on a domain.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Boot-Start Driver Initialization Policy\",\r\n \"description\": \"Specifies which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Windows NTP Client\",\r\n \"description\": \"Specifies whether the Windows NTP Client is enabled. 
Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn on convenience PIN sign-in\",\r\n \"description\": \"Specifies whether a domain user can sign in using a convenience PIN.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Always use classic logon;ExpectedValue', '=', parameters('AlwaysUseClassicLogon'), ',', 'Boot-Start Driver Initialization Policy;ExpectedValue', '=', parameters('BootStartDriverInitializationPolicy'), ',', 'Enable Windows NTP Client;ExpectedValue', '=', parameters('EnableWindowsNTPClient'), ',', 'Turn on convenience PIN sign-in;ExpectedValue', '=', parameters('TurnOnConveniencePINSignin')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n 
},\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_AdministrativeTemplatesSystem\"\r\n },\r\n \"AlwaysUseClassicLogon\": {\r\n \"value\": \"[parameters('AlwaysUseClassicLogon')]\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"value\": \"[parameters('BootStartDriverInitializationPolicy')]\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"value\": \"[parameters('EnableWindowsNTPClient')]\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"value\": \"[parameters('TurnOnConveniencePINSignin')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AlwaysUseClassicLogon\": {\r\n \"type\": \"string\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"type\": \"string\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"type\": \"string\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Always use classic logon;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysUseClassicLogon')]\"\r\n },\r\n {\r\n \"name\": \"Boot-Start Driver Initialization Policy;ExpectedValue\",\r\n \"value\": \"[parameters('BootStartDriverInitializationPolicy')]\"\r\n },\r\n {\r\n \"name\": \"Enable Windows NTP 
Client;ExpectedValue\",\r\n \"value\": \"[parameters('EnableWindowsNTPClient')]\"\r\n },\r\n {\r\n \"name\": \"Turn on convenience PIN sign-in;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOnConveniencePINSignin')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40917425-69db-4018-8dae-2a0556cef899\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1202 - Access Restrictions For Change\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40a2a83b-74f2-4c02-ae65-f460a5d2792a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1438 - Media Sanitization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40fcc635-52a2-4dbc-9523-80a1f4aa1de6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4116891d-72f7-46ee-911c-8056cc8dcbd5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1022 - Account Management | Shared / Group Account Credential Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"411f7e2d-9a0b-4627-a0b9-1700432db47d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41256567-1795-4684-b00b-a1308ce43cac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Monitor should collect activity logs from all regions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logProfiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiacentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiacentral2\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": 
\"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiaeast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiasoutheast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"brazilsouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"canadacentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"canadaeast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"centralindia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"centralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"eastasia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"eastus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"eastus2\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"francecentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"francesouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"japaneast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"japanwest\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"koreacentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": 
\"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"koreasouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"northcentralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"northeurope\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southafricanorth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southafricawest\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southcentralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southindia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southeastasia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"uaecentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"uaenorth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"uksouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"ukwest\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westcentralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westeurope\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westindia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": 
\"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westus2\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"global\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1263 - Contingency Plan Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41472613-3b05-49f6-8fe8-525af113ce17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1096 - Role-Based Security Training | Practical Exercises\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"420c1477-aa43-49d0-bd7e-c4abdd9addff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1260 - Contingency Training | Simulated Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"42254fc4-2738-4128-9613-72aaa4f0d9c3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n 
\"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"426c4ac9-ff17-49d0-acd7-a13c157081c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Batch accounts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n 
\"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Detailed Tracking'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AuditProcessTermination\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Process Termination\",\r\n \"description\": \"Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": 
{\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesDetailedTracking\"\r\n },\r\n \"AuditProcessTermination\": {\r\n \"value\": \"[parameters('AuditProcessTermination')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditProcessTermination\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Process Termination;ExpectedValue\",\r\n \"value\": \"[parameters('AuditProcessTermination')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n 
\"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"42a07bbf-ffcf-459a-b4b1-30ecd118a505\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1174 - Configuration Management Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"42a9a714-8fbb-43ac-b115-ea12d2bd652f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1137 - Audit Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4344df62-88ab-4637-b97b-bcaf2ec97e7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"435b2547-6374-4f87-b42d-6e8dbe6ae62a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552\"\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"43684572-e4f1-4642-af35-6b933bc506da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - System settings'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies\",\r\n \"description\": \"Specifies whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. 
It enables or disables certificate rules (a type of software restriction policies rule). For certificate rules to take effect in software restriction policies, you must enable this policy setting.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies;ExpectedValue', '=', parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsSystemsettings\"\r\n },\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n },\r\n 
\"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies;ExpectedValue\",\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n 
\"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"437a1f8f-8552-47a8-8b12-a2fee3269dd5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1544 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"43ced7c9-cd53-456b-b0da-2522649a4271\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1398 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n 
{\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1066 - Remote Access | Disconnect / Disable Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4455c2e8-c65d-4acf-895e-304916f90b36\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1720 - Spam Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44b9a7cd-f36a-491a-a48b-6d04ae7c4221\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1334 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44bfdadc-8c2e-4c30-9c99-f005986fabcd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1604 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44dbba23-0b61-478e-89c7-b3084667782f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1712 - Software, Firmware, And Information Integrity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44e543aa-41db-42aa-98eb-8a5eb1db53f0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1310 - Device Identification And Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"450d7ede-823d-4931-a99d-57f6a38807dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"45692294-f074-42bd-ac54-16f1a3c07554\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols / Services In Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"45b7b644-5f91-498e-9d89-7402532d3645\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1565 - System Development Life Cycle\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"45ce2396-5c76-4654-9737-f8792ab3d26b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n 
]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"463e5220-3f79-4e24-a63f-343e4096cd22\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0. This policy is deprecated because it is no longer possible to create an Azure SQL server with any version other than 12.0.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": \"true\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1346 - Identification And Authentication (Non-Organizational Users)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dc8ce-2200-4720-87a5-dc5952924cc6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require automatic OS image patching on Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces enabling automatic OS image patching on Virtual Machine Scale Sets to always keep Virtual Machines secure by safely applying latest security patches every month.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade\",\r\n \"notEquals\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"notEquals\": \"True\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f32da-0ace-4603-8d1b-7be5a3a702de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4708723f-e099-4af1-bbf9-b6df7642e444\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Automatic provisioning of the Log Analytics monitoring agent should be enabled on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enable automatic provisioning of the Log Analytics monitoring agent in order to collect security data\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/autoProvisioningSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/autoProvisioningSettings/autoProvision\",\r\n \"equals\": \"On\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"475aae12-b88a-4572-8b36-9b712b2b3a17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Adaptive Application Controls should be enabled on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n 
\"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47bc7ea0-7d13-4f7c-a154-b903f7194253\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1165 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47e10916-6c9e-446b-b0bd-ff5fd439d79d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1048 - System Use Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"483e7ca9-82b3-45a2-be97-b93163a0deb7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1033 - Separation Of Duties\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48540f01-fc11-411a-b160-42807c68896e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1477 - Fire Protection | Detection Devices / Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4862a63c-6c74-4a9d-a221-89af3c374503\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1484 - Water Damage Protection | Automation Support\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"486b006a-3653-45e8-b41c-a052d3e05456\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for PostgreSQL\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure Database for PostgreSQL with geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48af4db5-9b8b-401c-8e74-076be876a430\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1669 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": 
[\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48f2f62b-5743-4415-a143-288adc0e078d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"493a95f3-f2e3-47d0-af02-65e6d6decc2f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Java version' is the latest, if used as a part of the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. 
Using the latest Java version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest Java version\",\r\n \"description\": \"Latest supported Java version for App Services\"\r\n },\r\n \"defaultValue\": \"11\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"JAVA\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"like\": \"[concat('*', parameters('JavaLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"like\": \"[concat(parameters('JavaLatestVersion'), '*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n 
}\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"496223c3-ad65-4ecd-878a-bae78737e9ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Audit'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Audit'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit: Shut down system immediately if unable to log security audits\",\r\n \"description\": \"Audits if the system will shut down when unable to log Security events.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAudit\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit: Shut down system immediately if unable to log security audits;ExpectedValue', '=', parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsAudit\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n 
\"configurationParameter\": [\r\n {\r\n \"name\": \"Audit: Shut down system immediately if unable to log security audits;ExpectedValue\",\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"498b810c-59cd-4222-9338-352ba146ccf3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1329 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"498f6234-3e20-4b6a-a880-cbd646d973bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49b99653-32cd-405d-a135-e7d60a9aae1f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Appends the specified tag and value when any resource group which is missing this tag is created or updated. Does not modify the tags of resource groups created before this policy was applied until those resource groups are changed. 
New 'modify' effect policies are available that support remediation of tags on existing resources (see https://aka.ms/modifydoc).\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49dbe627-2c1e-438c-979e-dd7a39bbf81d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1218 - Least Functionality | Prevent Program Execution\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a1d0394-b9f5-493e-9e83-563fd0ac4df8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1677 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n 
{\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a248e1e-040f-43e5-bff2-afc3a57a3923\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1094 - Role-Based Security Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b1853e0-8973-446b-b567-09d901d31a09\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c090801-59bc-4454-bb33-e0455133486a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c615c2a-dc83-4dda-8220-abce7b50c9bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers At Logout\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c643c9a-1be7-4016-a5e7-e4bada052920\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cca950f-c3b7-492a-8e8f-ea39663c14f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632\"\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4ce9073a-77fa-48f0-96b1-87aa8e6091c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Linux VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": 
\"[base64(concat('[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent', '=', concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"FTPS should be required in your Web App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/ftpsState\",\r\n \"equals\": \"FtpsOnly\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1155 - System Interconnections | Restrictions On External System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d33f9f1-12d0-46ad-9fbd-8f8046694977\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1156 - Plan Of Action And Milestones\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d52e864-9a3b-41ee-8f03-520815fe5378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1312 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d6a5968-9eef-4c18-8534-376790ab7274\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n 
\"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n \"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": 
true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Event Hub when any Data Lake Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4daddf25-4823-43d4-88eb-2419eb6dcc08\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1394 - System Maintenance Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4db56f68-3f50-45ab-88f3-ca46f5379a94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1702 - Information System Monitoring | Indicators Of Compromise\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4dfc0855-92c4-4641-b155-a55ddd962362\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1001 - Access Control Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e26f8c3-4bf3-4191-b8fc-d888805101b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1083 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e319cb6-2ca3-4a58-ad75-e67f484e50ec\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1247 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"4e666db5-b2ef-4b06-aac6-09bfce49151b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1196 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1134 - Protection Of Audit Information | Access By Subset Of Privileged Users\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e95f70e-181c-4422-9da2-43079710c789\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1267 - Alternate Storage Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e97ba1d-be5d-4953-8da4-0cccf28f4805\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": 
{\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4ebd97f7-b105-4f50-8daf-c51465991240\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1139 - Audit Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4ed62522-de00-4dda-9810-5205733d2f34\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A maximum of 3 owners should be designated for your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1442 - Media Sanitization | Nondestructive Techniques\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f26049b-2c5a-4841-9ff3-d48a26aae475\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f34f554-da4b-4786-8d66-7915c90893da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A security contact email address should be provided for your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enter an email address to receive notifications when Azure Security Center detects compromised resources\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/email\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add a tag to resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Adds the specified tag and value when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed. Does not modify tags on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"add\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f9dc7db-30c1-420c-b61a-e1d640128d26\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview] Vulnerability Assessment should be enabled on Virtual Machines\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Azure Security Center Vulnerability Assessment on Virtual Machines\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"serverVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1485 - Delivery And Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n 
]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50301354-95d0-4a11-8af5-8039ecf6d38b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"506814fa-b930-4b10-894e-a45b98c40e1a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1566 - System Development Life Cycle\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50ad3724-e2ac-4716-afcc-d8eabd97adb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that all Azure virtual network gateway connections use a custom Internet Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms and key strengths - https://aka.ms/AA62kb0\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"IPsecEncryption\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IPsec Encryption\",\r\n \"description\": \"IPsec Encryption\"\r\n }\r\n },\r\n \"IPsecIntegrity\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IPsec Integrity\",\r\n \"description\": \"IPsec Integrity\"\r\n }\r\n },\r\n \"IKEEncryption\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IKE Encryption\",\r\n \"description\": \"IKE Encryption\"\r\n }\r\n },\r\n \"IKEIntegrity\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IKE Integrity\",\r\n \"description\": \"IKE Integrity\"\r\n }\r\n },\r\n \"DHGroup\": {\r\n \"type\": \"Array\",\r\n 
\"metadata\": {\r\n \"displayName\": \"DH Group\",\r\n \"description\": \"DH Group\"\r\n }\r\n },\r\n \"PFSGroup\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"PFS Group\",\r\n \"description\": \"PFS Group\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/connections\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption\",\r\n \"notIn\": \"[parameters('IPsecEncryption')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity\",\r\n \"notIn\": \"[parameters('IPsecIntegrity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption\",\r\n \"notIn\": \"[parameters('IKEEncryption')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity\",\r\n \"notIn\": \"[parameters('IKEIntegrity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].dhGroup\",\r\n \"notIn\": \"[parameters('DHGroup')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup\",\r\n \"notIn\": \"[parameters('PFSGroup')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50b83b09-03da-41c1-b656-c293c914862b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1248 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248\"\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50fc602d-d8e0-444b-a039-ad138ee5deb0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1386 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5120193e-91fd-4f9d-bc6d-194f94734065\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1352 - Incident Response Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"518cb545-bfa8-43f8-a108-3b7d5037469a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1642 - Network Disconnect\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"53397227-5ee3-4b23-9e5e-c8a767ce6928\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Connection throttling should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without Connection throttling enabled. 
This setting enables temporary connection throttling per IP for too many invalid password login failures.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"connection_throttling\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5345bb39-67dc-4960-a1bf-427e16b9a0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1467 - Visitor Access Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5350cbf9-8bdd-4904-b22a-e88be84ca49d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5352e3e0-e63a-452e-9e5f-9c1d181cff9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"53c76a39-2097-408a-b237-b279f7b4614d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1040 - Least Privilege | Review Of User Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": 
\"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"54205576-cec9-463f-ba44-b4b3f5d0a84c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"544a208a-9c3f-40bc-b1d1-d7e144495c14\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"55419419-c597-4cd4-b51e-009fd2266783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1045 - Unsuccessful Logon Attempts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1523 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5577a310-2551-49c8-803b-36e0d5e55601\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"562afd61-56be-4313-8fe4-b9564aa4ba7d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"56d970ee-4efc-49c8-8a4e-5916940d784c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57149289-d52b-4f40-9fe6-5233c1ef80f7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Web Applications\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. 
Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1162 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1054 - Session Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5807e1b4-ba5e-4718-8689-a0ca05a191b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1584 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5864522b-ff1d-4979-a9f8-58bee1fb174c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1547 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1573 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"58c93053-7b98-4cf0-b99f-1beb985416c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Ensure Function app is using the latest version of TLS encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Please use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193 instead. The TLS(Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS\",\r\n \"metadata\": {\r\n \"category\": \"App Service\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"58d94fc1-a072-47c2-bd37-9cdb38e77453\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1063 - Remote Access | Managed Access Control Points\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"593ce201-54b2-4dd0-b34f-c308005d7780\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1463 - Monitoring Physical Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"59721f87-ae25-4db0-a2a4-77cc5b25d495\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1425 - Timely Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5983d99c-f39b-4c32-a3dc-170f19f6941b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1512 - Personnel Screening\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"5a8324ad-f599-429b-aaed-f9c6e8c987a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not have a minimum password age of 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have a minimum password age of 1 day. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1032 - Separation Of Duties\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa85661-d618-46b8-a20f-ca40a86f0751\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not restrict the minimum password length to 14 characters. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5afa8cab-1ed7-4e40-884c-64e0ac2059cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1205 - Access Restrictions For Change | Signed Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b070cab-0fb8-4e48-ad29-fc90b4c2797c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1005 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b626abc-26d4-4e22-9de8-3831818526b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1105 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b73f57b-587d-4470-a344-0b0ae805f459\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Linux VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": 
\"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": 
\"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1433 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b879b41-2728-41c5-ad24-9ee2c37cbe65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Client certificates allow for the app to request a certificate for incoming requests. 
Only clients that have a valid certificate will be able to reach the app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/clientCertEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5bb220d9-2698-4ee4-8404-b9c30c9df609\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which the remote host connection status does not match the specified one\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines on which the remote host connection status does not match the specified one. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"host\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote Host Name\",\r\n \"description\": \"Specifies the Domain Name System (DNS) name or IP address of the remote host machine.\"\r\n }\r\n },\r\n \"port\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Port\",\r\n \"description\": \"The TCP port number on the remote host name.\"\r\n }\r\n },\r\n \"shouldConnect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Should connect to remote host\",\r\n \"description\": \"Must be 'True' or 'False'. 'True' indicates that the virtual machine should be able to establish a connection with the remote host specified, so the machine will be non-compliant if it cannot establish a connection. 
'False' indicates that the virtual machine should not be able to establish a connection with the remote host specified, so the machine will be non-compliant if it can establish a connection.\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsRemoteConnection\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsRemoteConnection]WindowsRemoteConnection1;host', '=', parameters('host'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;port', '=', parameters('port'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect', '=', parameters('shouldConnect')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n 
\"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsRemoteConnection\"\r\n },\r\n \"host\": {\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n \"port\": {\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n \"shouldConnect\": {\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"host\": {\r\n \"type\": \"string\"\r\n },\r\n \"port\": {\r\n \"type\": \"string\"\r\n },\r\n \"shouldConnect\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;host\",\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;port\",\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect\",\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;host\",\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;port\",\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect\",\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n 
\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5bb36dda-8a78-4df9-affd-4f05a8612a8a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5bbda922-0172-4095-89e6-5b4a0bf03af7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Network Security'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c028d2a-1889-45f6-b821-31f42711ced8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. 
The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1671 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c5bbef7-a316-415b-9b38-29753ce8e698\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1067 - Wireless Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n 
},\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c5e54f6-0127-44d0-8b61-f31dc8dd6190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"External accounts with write permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1483 - Water Damage Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5cb81060-3c8a-4968-bcdc-395a1801f6c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1362 - Incident Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5d169442-d6ef-439b-8dca-46c2c3248214\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1014 - Account Management | Removal Of Temporary / Emergency Accounts\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5dee936c-8037-4df1-ab35-6635733da48c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1665 - Process Isolation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df3a55c-8456-44d4-941e-175f79332512\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Function App should only be accessible over HTTPS\",\r\n 
\"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OnlyHttpsForFunctionApp\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e2b3730-8c14-4081-8893-19dbb5de7348\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n 
\"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1116 - Audit Review, Analysis, And Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e47bc51-35d1-44b8-92af-e2f2d8b67635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1208 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ea87673-d06b-456f-a324-8abcee5c159f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. 
In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n 
\"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n 
\"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1576 - Acquisition Process | Design / Implementation Information For Security Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f18c885-ade3-48c5-80b1-8f9216019c18\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"External accounts with read 
permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add or replace a tag on resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Adds or replaces the specified tag and value when any resource is created or updated. Existing resources can be remediated by triggering a remediation task. 
Does not modify tags on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ffd78d9-436d-4b41-a421-5baa819e3008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1663 - Protection Of Information At Rest\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60171210-6dde-40af-a144-bf2670518bfa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Object Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Object Access'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"60aeaf73-a074-417a-905f-7ce9df0ff77b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Storage Accounts should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Storage Account not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"notEquals\": \"Deny\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60d21c4f-21a3-4d94-85f4-b924e6aeeda4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows web servers that are not using secure communication protocols\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Advanced Data Security on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables Advanced Data Security on SQL Servers. This includes turning on Threat Detection and Vulnerability Assessment. 
It will automatically create a storage account in the same region and resource group as the SQL server to store scan results, with a 'sqlva' prefix.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"serverResourceGroupName\": \"[resourceGroup().name]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), variables('serverResourceGroupName'), parameters('location'))]\",\r\n \"storageName\": \"[tolower(concat('sqlva', variables('uniqueStorage')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[variables('storageName')]\",\r\n \"apiVersion\": \"2016-01-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"properties\": {}\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": 
\"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/vulnerabilityAssessments\",\r\n \"apiVersion\": \"2018-06-01-preview\",\r\n \"properties\": {\r\n \"storageContainerPath\": \"[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))).primaryEndpoints.blob, 'vulnerability-assessment')]\",\r\n \"storageAccountAccessKey\": \"[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value]\",\r\n \"recurringScans\": {\r\n \"isEnabled\": true,\r\n \"emailSubscriptionAdmins\": true,\r\n \"emails\": []\r\n }\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Storage/storageAccounts/', variables('storageName'))]\",\r\n \"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6134c3db-786f-471e-87bc-8f479dc890f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Configure time zone on Windows machines.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to set specified time zone on Windows virtual machines.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time zone\",\r\n \"description\": \"The expected time zone\"\r\n },\r\n \"allowedValues\": [\r\n \"(UTC-12:00) International Date Line West\",\r\n \"(UTC-11:00) Coordinated Universal Time-11\",\r\n \"(UTC-10:00) Aleutian Islands\",\r\n \"(UTC-10:00) Hawaii\",\r\n \"(UTC-09:30) Marquesas Islands\",\r\n \"(UTC-09:00) Alaska\",\r\n \"(UTC-09:00) Coordinated Universal Time-09\",\r\n \"(UTC-08:00) Baja California\",\r\n \"(UTC-08:00) Coordinated Universal Time-08\",\r\n \"(UTC-08:00) Pacific Time (US & Canada)\",\r\n \"(UTC-07:00) Arizona\",\r\n \"(UTC-07:00) Chihuahua, La Paz, Mazatlan\",\r\n \"(UTC-07:00) Mountain Time (US & Canada)\",\r\n \"(UTC-06:00) Central America\",\r\n \"(UTC-06:00) Central Time (US & Canada)\",\r\n \"(UTC-06:00) Easter Island\",\r\n \"(UTC-06:00) Guadalajara, Mexico City, Monterrey\",\r\n \"(UTC-06:00) Saskatchewan\",\r\n \"(UTC-05:00) Bogota, Lima, Quito, Rio Branco\",\r\n \"(UTC-05:00) Chetumal\",\r\n \"(UTC-05:00) Eastern Time (US & Canada)\",\r\n \"(UTC-05:00) Haiti\",\r\n \"(UTC-05:00) Havana\",\r\n \"(UTC-05:00) Indiana (East)\",\r\n \"(UTC-05:00) Turks and Caicos\",\r\n \"(UTC-04:00) Asuncion\",\r\n \"(UTC-04:00) Atlantic Time (Canada)\",\r\n \"(UTC-04:00) Caracas\",\r\n \"(UTC-04:00) Cuiaba\",\r\n \"(UTC-04:00) Georgetown, La Paz, Manaus, San Juan\",\r\n \"(UTC-04:00) Santiago\",\r\n \"(UTC-03:30) Newfoundland\",\r\n \"(UTC-03:00) Araguaina\",\r\n \"(UTC-03:00) Brasilia\",\r\n \"(UTC-03:00) Cayenne, Fortaleza\",\r\n \"(UTC-03:00) City of Buenos Aires\",\r\n \"(UTC-03:00) Greenland\",\r\n \"(UTC-03:00) Montevideo\",\r\n \"(UTC-03:00) Punta Arenas\",\r\n \"(UTC-03:00) Saint Pierre and Miquelon\",\r\n \"(UTC-03:00) Salvador\",\r\n \"(UTC-02:00) Coordinated Universal Time-02\",\r\n \"(UTC-02:00) Mid-Atlantic - Old\",\r\n \"(UTC-01:00) Azores\",\r\n \"(UTC-01:00) Cabo Verde Is.\",\r\n \"(UTC) Coordinated Universal Time\",\r\n \"(UTC+00:00) Dublin, Edinburgh, Lisbon, London\",\r\n 
\"(UTC+00:00) Monrovia, Reykjavik\",\r\n \"(UTC+00:00) Sao Tome\",\r\n \"(UTC+01:00) Casablanca\",\r\n \"(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna\",\r\n \"(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague\",\r\n \"(UTC+01:00) Brussels, Copenhagen, Madrid, Paris\",\r\n \"(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb\",\r\n \"(UTC+01:00) West Central Africa\",\r\n \"(UTC+02:00) Amman\",\r\n \"(UTC+02:00) Athens, Bucharest\",\r\n \"(UTC+02:00) Beirut\",\r\n \"(UTC+02:00) Cairo\",\r\n \"(UTC+02:00) Chisinau\",\r\n \"(UTC+02:00) Damascus\",\r\n \"(UTC+02:00) Gaza, Hebron\",\r\n \"(UTC+02:00) Harare, Pretoria\",\r\n \"(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius\",\r\n \"(UTC+02:00) Jerusalem\",\r\n \"(UTC+02:00) Kaliningrad\",\r\n \"(UTC+02:00) Khartoum\",\r\n \"(UTC+02:00) Tripoli\",\r\n \"(UTC+02:00) Windhoek\",\r\n \"(UTC+03:00) Baghdad\",\r\n \"(UTC+03:00) Istanbul\",\r\n \"(UTC+03:00) Kuwait, Riyadh\",\r\n \"(UTC+03:00) Minsk\",\r\n \"(UTC+03:00) Moscow, St. 
Petersburg\",\r\n \"(UTC+03:00) Nairobi\",\r\n \"(UTC+03:30) Tehran\",\r\n \"(UTC+04:00) Abu Dhabi, Muscat\",\r\n \"(UTC+04:00) Astrakhan, Ulyanovsk\",\r\n \"(UTC+04:00) Baku\",\r\n \"(UTC+04:00) Izhevsk, Samara\",\r\n \"(UTC+04:00) Port Louis\",\r\n \"(UTC+04:00) Saratov\",\r\n \"(UTC+04:00) Tbilisi\",\r\n \"(UTC+04:00) Volgograd\",\r\n \"(UTC+04:00) Yerevan\",\r\n \"(UTC+04:30) Kabul\",\r\n \"(UTC+05:00) Ashgabat, Tashkent\",\r\n \"(UTC+05:00) Ekaterinburg\",\r\n \"(UTC+05:00) Islamabad, Karachi\",\r\n \"(UTC+05:00) Qyzylorda\",\r\n \"(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi\",\r\n \"(UTC+05:30) Sri Jayawardenepura\",\r\n \"(UTC+05:45) Kathmandu\",\r\n \"(UTC+06:00) Astana\",\r\n \"(UTC+06:00) Dhaka\",\r\n \"(UTC+06:00) Omsk\",\r\n \"(UTC+06:30) Yangon (Rangoon)\",\r\n \"(UTC+07:00) Bangkok, Hanoi, Jakarta\",\r\n \"(UTC+07:00) Barnaul, Gorno-Altaysk\",\r\n \"(UTC+07:00) Hovd\",\r\n \"(UTC+07:00) Krasnoyarsk\",\r\n \"(UTC+07:00) Novosibirsk\",\r\n \"(UTC+07:00) Tomsk\",\r\n \"(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi\",\r\n \"(UTC+08:00) Irkutsk\",\r\n \"(UTC+08:00) Kuala Lumpur, Singapore\",\r\n \"(UTC+08:00) Perth\",\r\n \"(UTC+08:00) Taipei\",\r\n \"(UTC+08:00) Ulaanbaatar\",\r\n \"(UTC+08:45) Eucla\",\r\n \"(UTC+09:00) Chita\",\r\n \"(UTC+09:00) Osaka, Sapporo, Tokyo\",\r\n \"(UTC+09:00) Pyongyang\",\r\n \"(UTC+09:00) Seoul\",\r\n \"(UTC+09:00) Yakutsk\",\r\n \"(UTC+09:30) Adelaide\",\r\n \"(UTC+09:30) Darwin\",\r\n \"(UTC+10:00) Brisbane\",\r\n \"(UTC+10:00) Canberra, Melbourne, Sydney\",\r\n \"(UTC+10:00) Guam, Port Moresby\",\r\n \"(UTC+10:00) Hobart\",\r\n \"(UTC+10:00) Vladivostok\",\r\n \"(UTC+10:30) Lord Howe Island\",\r\n \"(UTC+11:00) Bougainville Island\",\r\n \"(UTC+11:00) Chokurdakh\",\r\n \"(UTC+11:00) Magadan\",\r\n \"(UTC+11:00) Norfolk Island\",\r\n \"(UTC+11:00) Sakhalin\",\r\n \"(UTC+11:00) Solomon Is., New Caledonia\",\r\n \"(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky\",\r\n \"(UTC+12:00) Auckland, Wellington\",\r\n 
\"(UTC+12:00) Coordinated Universal Time+12\",\r\n \"(UTC+12:00) Fiji\",\r\n \"(UTC+12:00) Petropavlovsk-Kamchatsky - Old\",\r\n \"(UTC+12:45) Chatham Islands\",\r\n \"(UTC+13:00) Coordinated Universal Time+13\",\r\n \"(UTC+13:00) Nuku'alofa\",\r\n \"(UTC+13:00) Samoa\",\r\n \"(UTC+14:00) Kiritimati Island\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"SetWindowsTimeZone\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsTimeZone]WindowsTimeZone1;TimeZone', '=', parameters('TimeZone')))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": 
{\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"SetWindowsTimeZone\"\r\n },\r\n \"TimeZone\": {\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"TimeZone\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"assignmentType\": \"DeployAndAutoCorrect\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"assignmentType\": 
\"DeployAndAutoCorrect\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6141c932-9384-44c6-a395-59e4c057d7c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1110 - Audit Storage Capacity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1415 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"61a1dd98-b259-4840-abd5-fbba7ee0da83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1153 - System Interconnections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"61cf3125-142c-4754-8a16-41ab4d529635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - System objects'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System objects'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"620e58b5-ac75-49b4-993f-a9d4f0459636\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"62b638c5-29d7-404b-8d93-f21e4b1ce198\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1660 - Session Authenticity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"63096613-ce83-43e5-96f4-e588e8813554\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1002 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"632024c2-8079-439d-a7f6-90af1d78cc65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1498 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"633988b9-cf2f-4323-8394-f0d2af9cd6e1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1185 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6420cd73-b939-43b7-9d99-e8688fea053c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Devices'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Devices'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Devices: Allowed to format and eject removable media\",\r\n \"description\": \"Specifies who is allowed to format and eject removable NTFS media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsDevices\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Devices: Allowed to format and eject removable media;ExpectedValue', '=', parameters('DevicesAllowedToFormatAndEjectRemovableMedia')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": 
\"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsDevices\"\r\n },\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"value\": \"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Devices: Allowed to format and eject removable media;ExpectedValue\",\r\n \"value\": \"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": 
\"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6481cc21-ed6e-4480-99dd-ea7c5222e897\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1441 - Media Sanitization | Equipment Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6519d7f3-e8a2-4ff3-a935-9a9497152ad7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n 
\"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"65592b16-4367-42c5-a26e-d371be450e17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is no longer necessary because storage blob encryption is enabled by default and cannot be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n 
\"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1261 - Contingency Plan Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"65aeceb5-a59c-4cb1-8d82-9c474be5d431\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. 
Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1444 - Media Use | Prohibit Use Without Owner\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"666143df-f5e0-45bd-b554-135f0f93e44e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1319 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"66f7ae57-5560-4fc5-85c9-659f204e7a42\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628\"\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"67de62b4-a737-4781-8861-3baed3c35069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68434bd1-e14b-4031-9edb-a4adf5f84a67\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines on which the Log Analytics agent is not 
connected to the specified workspaces. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Connected workspace IDs\",\r\n \"description\": \"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsLogAnalyticsAgentConnection\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId', 
'=', parameters('WorkspaceId')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsLogAnalyticsAgentConnection\"\r\n },\r\n \"WorkspaceId\": {\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"WorkspaceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId\",\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), 
'/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId\",\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68511db2-bd02-41c4-ae6b-1900a012968a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1597 - Developer Configuration 
Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68b250ec-2e4f-4eee-898a-117a9fda7016\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1588 - External Information System Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68ebae26-e0e0-4ecb-8379-aabf633b51e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed 
Control 1070 - Wireless Access | Disable Wireless Networking\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68f837d0-8942-4b1e-9b31-be78b247bda8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1727 - Memory Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"697175a7-9715-4e89-b98b-c6f605888fa3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1652 - Mobile Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6998e84a-2d29-4e10-8962-76754d4f772d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1699 - Information System Monitoring | Privileged Users\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"69c7bee8-bc19-4129-a51e-65a7b39d3e7c\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1696 - Information System Monitoring | Correlate Monitoring Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"69d2a238-20ab-4206-a6dc-f302bf88b1b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1244 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"6a13a8f8-c163-4b1b-8554-d63569dab937\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1019 - Account Management | Role-Based Schemes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a3ee9b2-3977-459c-b8ce-2db583abd9f7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit Guard is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines on which Windows Defender Exploit Guard is not enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"NotAvailableMachineState\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"State in which to show VMs on which Windows Defender Exploit Guard is not available\",\r\n \"description\": \"Windows Defender Exploit Guard is only available starting with Windows 10/Windows Server with update 1709. Setting this value to 'Non-Compliant' will make machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) non-compliant. Setting this value to 'Compliant' will make these machines compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"Compliant\",\r\n \"Non-Compliant\"\r\n ],\r\n \"defaultValue\": \"Non-Compliant\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDefenderExploitGuard\",\r\n \"roleDefinitionIds\": [\r\n 
\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState', '=', parameters('NotAvailableMachineState')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsDefenderExploitGuard\"\r\n },\r\n \"NotAvailableMachineState\": {\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NotAvailableMachineState\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": 
\"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\",\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\",\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n 
\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1211 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8b9dc8-6b00-4701-aa96-bba3277ebf50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Ensure WEB app is using the latest version of TLS encryption \",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Please use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b instead. The TLS(Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. 
App service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ad61431-88ce-4357-a0e1-6da43f292bd7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1653 - Mobile Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deprecated accounts should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Service Bus to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Service Bus to stream to a regional Event Hub when 
any Service Bus which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationalLogs\",\r\n 
\"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b51af03-9277-49a9-a3f8-1c69c9ff7403\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1031 - Separation Of Duties\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b93a801-fe25-4574-a60d-cb22acffae00\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This 
policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed 
Control 1304 - Identification And Authentication (Org. Users) | Local Access To Non-Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1437 - Media Transport | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1171 - Penetration Testing | Independent Penetration Agent Or Team\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d4820bc-8b61-4982-9501-2123cb776c00\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Function App should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d8d492c-dd7a-46f7-a723-fa66a425b87c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1175 - Configuration Management Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6dab4254-c30d-4bb7-ae99-1d21586c063c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1651 - Mobile Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6db63528-c9ba-491c-8a80-83e1e6977a50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notification for high severity alerts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enable emailing security alerts to the security contact, in order to have them receive security alert emails from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risks\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/alertNotifications\",\r\n \"notEquals\": \"Off\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6e2593d9-add6-4083-9c9b-4b7d2188c899\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1586 - External Information System Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6e3b2fbd-8f37-4766-a64d-3f37703dcb51\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"6e40d9de-2ad4-4cb5-8945-23143326a502\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1530 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6e8f9566-29f1-49cd-b61f-f8628a3cf993\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1460 - Access Control For Output Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f3ce1bb-4f77-4695-8355-70b08d54fdda\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1320 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f54c732-71d4-4f93-a696-4e373eca3a77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdefbf4-93e7-4513-bc95-c1858b7093e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Server'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Server'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Python version' is the latest, if used as a part of the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. 
Using the latest Python version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"WindowsPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Linux Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PYTHON\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"[parameters('WindowsPythonLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7008174a-fd10-4ef0-817e-fc820a951d73\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Windows Components'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Send file samples when further analysis is required\",\r\n \"description\": \"Specifies whether and how Windows Defender will submit samples of suspected malware to Microsoft for further analysis when opt-in for MAPS telemetry is set.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow indexing of encrypted files\",\r\n \"description\": \"Specifies whether encrypted items are allowed to be indexed.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow Telemetry\",\r\n \"description\": \"Specifies configuration of the amount of diagnostic and usage data reported to Microsoft. 
The data is transmitted securely and sensitive data is not sent.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow unencrypted traffic\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always install with elevated privileges\",\r\n \"description\": \"Specifies whether Windows Installer should use system permissions when it installs any program on the system.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always prompt for password upon connection\",\r\n \"description\": \"Specifies whether Terminal Services/Remote Desktop Connection always prompts the client computer for a password upon connection.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Application event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Automatically send memory dumps for OS-generated error reports\",\r\n \"description\": \"Specifies if memory dumps in support of OS-generated error reports can be sent to Microsoft automatically.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Default consent\",\r\n \"description\": \"Specifies setting of 
the default consent handling for error reports sent to Microsoft.\"\r\n },\r\n \"defaultValue\": \"4\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Windows SmartScreen\",\r\n \"description\": \"Specifies how to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow Digest authentication\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) client will not use Digest authentication.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow WinRM from storing RunAs credentials\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Do not allow passwords to be saved\",\r\n \"description\": \"Specifies whether to prevent Remote Desktop Services - Terminal Services clients from saving passwords on a computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Security: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Security event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"196608\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Set client connection encryption level\",\r\n \"description\": \"Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Set the default behavior for AutoRun\",\r\n \"description\": \"Specifies the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Setup: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Setup event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the System event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off Data Execution Prevention for Explorer\",\r\n \"description\": \"Specifies whether to turn off Data Execution Prevention for Windows File Explorer. 
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Specify the interval to check for definition updates\",\r\n \"description\": \"Specifies an interval at which to check for Windows Defender definition updates. The time value is represented as the number of hours between update checks.\"\r\n },\r\n \"defaultValue\": \"8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n 
\"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsComponents\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Send file samples when further analysis is required;ExpectedValue', '=', parameters('SendFileSamplesWhenFurtherAnalysisIsRequired'), ',', 'Allow indexing of encrypted files;ExpectedValue', '=', parameters('AllowIndexingOfEncryptedFiles'), ',', 'Allow Telemetry;ExpectedValue', '=', parameters('AllowTelemetry'), ',', 'Allow unencrypted traffic;ExpectedValue', '=', parameters('AllowUnencryptedTraffic'), ',', 'Always install with elevated privileges;ExpectedValue', '=', 
parameters('AlwaysInstallWithElevatedPrivileges'), ',', 'Always prompt for password upon connection;ExpectedValue', '=', parameters('AlwaysPromptForPasswordUponConnection'), ',', 'Application: Specify the maximum log file size (KB);ExpectedValue', '=', parameters('ApplicationSpecifyTheMaximumLogFileSizeKB'), ',', 'Automatically send memory dumps for OS-generated error reports;ExpectedValue', '=', parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports'), ',', 'Configure Default consent;ExpectedValue', '=', parameters('ConfigureDefaultConsent'), ',', 'Configure Windows SmartScreen;ExpectedValue', '=', parameters('ConfigureWindowsSmartScreen'), ',', 'Disallow Digest authentication;ExpectedValue', '=', parameters('DisallowDigestAuthentication'), ',', 'Disallow WinRM from storing RunAs credentials;ExpectedValue', '=', parameters('DisallowWinRMFromStoringRunAsCredentials'), ',', 'Do not allow passwords to be saved;ExpectedValue', '=', parameters('DoNotAllowPasswordsToBeSaved'), ',', 'Security: Specify the maximum log file size (KB);ExpectedValue', '=', parameters('SecuritySpecifyTheMaximumLogFileSizeKB'), ',', 'Set client connection encryption level;ExpectedValue', '=', parameters('SetClientConnectionEncryptionLevel'), ',', 'Set the default behavior for AutoRun;ExpectedValue', '=', parameters('SetTheDefaultBehaviorForAutoRun'), ',', 'Setup: Specify the maximum log file size (KB);ExpectedValue', '=', parameters('SetupSpecifyTheMaximumLogFileSizeKB'), ',', 'System: Specify the maximum log file size (KB);ExpectedValue', '=', parameters('SystemSpecifyTheMaximumLogFileSizeKB'), ',', 'Turn off Data Execution Prevention for Explorer;ExpectedValue', '=', parameters('TurnOffDataExecutionPreventionForExplorer'), ',', 'Specify the interval to check for definition updates;ExpectedValue', '=', parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n 
\"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_WindowsComponents\"\r\n },\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"value\": \"[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"value\": \"[parameters('AllowIndexingOfEncryptedFiles')]\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"value\": \"[parameters('AllowTelemetry')]\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"value\": \"[parameters('AllowUnencryptedTraffic')]\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"value\": \"[parameters('AlwaysInstallWithElevatedPrivileges')]\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"value\": \"[parameters('AlwaysPromptForPasswordUponConnection')]\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"value\": \"[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"value\": \"[parameters('ConfigureDefaultConsent')]\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"value\": \"[parameters('ConfigureWindowsSmartScreen')]\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"value\": \"[parameters('DisallowDigestAuthentication')]\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"value\": \"[parameters('DisallowWinRMFromStoringRunAsCredentials')]\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"value\": \"[parameters('DoNotAllowPasswordsToBeSaved')]\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"value\": 
\"[parameters('SetClientConnectionEncryptionLevel')]\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"value\": \"[parameters('SetTheDefaultBehaviorForAutoRun')]\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"value\": \"[parameters('TurnOffDataExecutionPreventionForExplorer')]\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"value\": \"[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"type\": \"string\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"type\": \"string\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"type\": \"string\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"type\": \"string\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"type\": \"string\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"type\": \"string\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"DoNotAllowPasswordsToBeSaved\": {\r\n \"type\": \"string\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"type\": \"string\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"type\": \"string\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"type\": \"string\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Send file samples when further analysis is required;ExpectedValue\",\r\n \"value\": \"[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]\"\r\n },\r\n {\r\n \"name\": \"Allow indexing of encrypted files;ExpectedValue\",\r\n \"value\": \"[parameters('AllowIndexingOfEncryptedFiles')]\"\r\n },\r\n {\r\n \"name\": \"Allow Telemetry;ExpectedValue\",\r\n \"value\": \"[parameters('AllowTelemetry')]\"\r\n },\r\n {\r\n \"name\": \"Allow unencrypted traffic;ExpectedValue\",\r\n \"value\": \"[parameters('AllowUnencryptedTraffic')]\"\r\n },\r\n {\r\n \"name\": \"Always install with elevated privileges;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysInstallWithElevatedPrivileges')]\"\r\n },\r\n {\r\n \"name\": \"Always prompt for password upon connection;ExpectedValue\",\r\n \"value\": 
\"[parameters('AlwaysPromptForPasswordUponConnection')]\"\r\n },\r\n {\r\n \"name\": \"Application: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Automatically send memory dumps for OS-generated error reports;ExpectedValue\",\r\n \"value\": \"[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]\"\r\n },\r\n {\r\n \"name\": \"Configure Default consent;ExpectedValue\",\r\n \"value\": \"[parameters('ConfigureDefaultConsent')]\"\r\n },\r\n {\r\n \"name\": \"Configure Windows SmartScreen;ExpectedValue\",\r\n \"value\": \"[parameters('ConfigureWindowsSmartScreen')]\"\r\n },\r\n {\r\n \"name\": \"Disallow Digest authentication;ExpectedValue\",\r\n \"value\": \"[parameters('DisallowDigestAuthentication')]\"\r\n },\r\n {\r\n \"name\": \"Disallow WinRM from storing RunAs credentials;ExpectedValue\",\r\n \"value\": \"[parameters('DisallowWinRMFromStoringRunAsCredentials')]\"\r\n },\r\n {\r\n \"name\": \"Do not allow passwords to be saved;ExpectedValue\",\r\n \"value\": \"[parameters('DoNotAllowPasswordsToBeSaved')]\"\r\n },\r\n {\r\n \"name\": \"Security: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Set client connection encryption level;ExpectedValue\",\r\n \"value\": \"[parameters('SetClientConnectionEncryptionLevel')]\"\r\n },\r\n {\r\n \"name\": \"Set the default behavior for AutoRun;ExpectedValue\",\r\n \"value\": \"[parameters('SetTheDefaultBehaviorForAutoRun')]\"\r\n },\r\n {\r\n \"name\": \"Setup: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"System: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Turn off 
Data Execution Prevention for Explorer;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOffDataExecutionPreventionForExplorer')]\"\r\n },\r\n {\r\n \"name\": \"Specify the interval to check for definition updates;ExpectedValue\",\r\n \"value\": \"[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7040a231-fb65-4412-8c0a-b365f4866c24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"704e136a-4fe0-427c-b829-cd69957f5d2b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - System'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7066131b-61a6-4917-a7e4-72e8983f0aa6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1509 - Position Risk Designation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70792197-9bfc-4813-905a-bd33993e327f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1541 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70f6af82-7be6-44aa-9b15-8b9231b2e434\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1691 - Information System Monitoring | Automated Tools For Real-Time Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71475fb4-49bd-450b-a1a5-f63894c24725\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1481 - Temperature And Humidity Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"717a1c78-a267-4f56-ac58-ee6c54dc4339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time Source\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71bb965d-4047-4623-afd4-b8189a58df5d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1395 - System Maintenance Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7207a023-a517-41c5-9df2-09d4c6845a05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which the DSC configuration is not compliant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDscConfiguration\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7227ebe5-9ff7-47ab-b823-171cd02fb90f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Administrative Templates - Network'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Network'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7229bd6a-693d-478a-87f0-1dc1af06f3b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Python version' is the latest, if used as a part of the Function app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. 
Using the latest Python version for Function apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"WindowsPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Linux Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PYTHON\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": 
\"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"[parameters('WindowsPythonLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7238174a-fd10-4ef0-817e-fc820a951d73\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'PHP version' is the latest, if used as a part of the WEB app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest PHP version\",\r\n \"description\": \"Latest supported PHP version for App Services\"\r\n },\r\n \"defaultValue\": \"7.3\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PHP\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PHP|', parameters('PHPLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"[parameters('PHPLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7261b898-8a84-4db8-9e04-18527132abb3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that allow re-use of the previous 24 passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n 
\"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n 
\"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add a tag to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Adds the specified tag and value when any resource group missing this tag is created or updated. Existing resource groups can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"add\",\r\n 
\"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726aca4c-86e9-4b04-b0c5-073027359532\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1524 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"72f1cb4e-2439-4fe8-88ea-b8671ce3c268\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"731856d8-1598-4b75-92de-7d46235747c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1456 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"733ba9e3-9e7c-440a-a7aa-6196a90a2870\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1581 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"742b549b-7a25-465f-b83c-ea1ffb4f4e0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage 
accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Python version' is the latest, if used as a part of the Api app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are 
released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for Api apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"WindowsPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Linux Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PYTHON\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"[parameters('WindowsPythonLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74c3584d-afae-46f7-a20a-6f8adba71a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7522ed84-70d5-4181-afc0-21e50b1b6d0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. 
This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1468 - Visitor Access Records | Automated Records Maintenance / Review\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"75603f96-80a1-4757-991d-5a1221765ddd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7582b19c-9dba-438e-aed8-ede59ac35ba3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1459 - Access Control For Transmission Medium\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n \"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n 
\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"769efd9b-3587-4e22-90ce-65ddcd5bd969\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit delegation of scopes to a managing tenant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit delegation of scopes to a managing tenant via Azure Lighthouse.\",\r\n \"metadata\": {\r\n \"category\": \"Lighthouse\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.ManagedServices/registrationAssignments\"\r\n },\r\n {\r\n \"value\": \"true\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"76bed37b-484f-430f-a009-fd7592dff818\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1058 - Permitted Actions Without Identification Or Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"76e85d08-8fbb-4112-a1c1-93521e6a9254\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1508 - Position Risk Designation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"76f500cc-4bca-4583-bda1-6d084dc21086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7741669e-d4f6-485a-83cb-e70ce7cbbc20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure subscriptions should have a log profile for Activity Log\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures if a log profile is enabled for exporting activity logs. 
It audits if there is no log profile created to export the logs either to a storage account or to an event hub.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logProfiles\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7796937f-307b-4598-941c-67d3a05ebfe7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77f56280-e367-432a-a3b9-8ca2aa636a26\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1258 - Contingency Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7814506c-382c-4d33-a142-249dd4a0dbff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1178 - Baseline Configuration | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7818b8f4-47c6-441a-90ae-12ce04e99893\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78255758-6d45-4bf0-a005-7016bc03b13c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1700 - Information System Monitoring | Unauthorized Network Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1010 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"784663a8-1eb0-418a-a98c-24d19bc1bb62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1216 - Least Functionality | Periodic Review\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7894fe6a-f5cb-44c8-ba90-c3f254ff9484\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1639 - Boundary Protection | Isolation Of Information System Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78e8e649-50f6-4fe3-99ac-fedc2e63b03f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1647 - Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n 
{\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1510 - Position Risk Designation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"79da5b09-0e7e-499e-adda-141b069c7998\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1384 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"79fbc228-461c-4a45-9004-a865ca0728a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows Server VMs on which Windows Serial Console is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows Server virtual machines on which Windows Serial Console is not enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"EMSPortNumber\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Port Number\",\r\n \"description\": \"An integer indicating the COM port to be used for the Emergency Management Services (EMS) console redirection. For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Baud Rate\",\r\n \"description\": \"An integer indicating the baud rate to be used for the Emergency Management Services (EMS) console redirection. 
For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"9600\",\r\n \"19200\",\r\n \"38400\",\r\n \"57600\",\r\n \"115200\"\r\n ],\r\n \"defaultValue\": \"115200\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsSerialConsole\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber', '=', parameters('EMSPortNumber'), ',', '[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate', '=', parameters('EMSBaudRate')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsSerialConsole\"\r\n },\r\n \"EMSPortNumber\": 
{\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"EMSPortNumber\": {\r\n \"type\": \"string\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber\",\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate\",\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": 
{\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber\",\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate\",\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a031c68-d6ab-406e-a506-697a19c634b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1093 - Role-Based Security Training\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1708 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a1e2c88-13de-4959-8ee7-47e3d74f1f48\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1289 - Information System Backup\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a724864-956a-496c-b778-637cb1d762cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1687 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a87fc7f-301e-49f3-ba2a-4d74f424fa97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1061 - Remote Access | 
Automated Monitoring / Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ac22808-a2e8-41c4-9d46-429b50738914\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1492 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ad5f307-e045-46f7-8214-5bdb7e973737\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1636 - Boundary Protection | 
Isolation Of Security Tools / Mechanisms / Support Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7b694eed-7081-43c6-867c-41c76c961043\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Virtual Machine Scale Sets should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n 
\"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.OSTCExtensions\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned on. It only applies to Microsoft.Storage resource types, not other storage providers. 
This policy is deprecated because storage blob encryption is now enabled by default, and can no longer be disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1143 - Security Assessment And Authorization Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c6de11b-5f51-4f7c-8d83-d2467c8a816e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1051 - Session Lock\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1279 - Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1201 - Security Impact Analysis | Separate Test Environments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7daef997-fdd3-461b-8807-a608a6dd70f1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1471 - 
Emergency Shutoff\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7dd0e9ce-1772-41fb-a50a-99977071f916\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1011 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e6a54f3-883f-43d5-87c4-172dfd64a1f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that have not restarted within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"MachineLastBootUpTime\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ecda928-9df4-4dd7-8f44-641a91e470e8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the password complexity setting enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. 
This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": 
{\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n 
\"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1191 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f26a61b-a74d-467c-99cf-63644db144f7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1520 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f2c513b-eb16-463b-b469-c10e5fa94f0a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f37f71b-420f-49bf-9477-9c0196974ecf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\r\n 
\"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Privilege Use'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n 
\"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7fbfe680-6dbb-4037-963c-a621c5635902\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL Auditing settings should have Action-Groups configured to capture 
critical activities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"The AuditActionsAndGroups property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough audit logging\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]\",\r\n \"notEquals\": \"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]\",\r\n \"notEquals\": \"FAILED_DATABASE_AUTHENTICATION_GROUP\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]\",\r\n \"notEquals\": \"BATCH_COMPLETED_GROUP\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ff426e2-515f-405a-91c8-4f2333442eb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1703 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"804faf7d-b687-40f7-9f74-79e28adf4205\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1303 - Identification And Authentication (Org. Users) | Local Access To Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"80ca0a27-918a-4604-af9e-723a27ee51e8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1505 - Information 
Security Architecture\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"813a10a7-3943-4fe3-8678-00dc52db5490\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1614 - Developer Security Architecture And Design\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8154e3b3-cc52-40be-9407-7756581d71f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy 
requirements to audit Windows VMs configurations in 'User Rights Assignment'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'User Rights Assignment'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may access this computer from the network\",\r\n \"description\": \"Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection.\"\r\n },\r\n \"defaultValue\": \"Administrators, Authenticated Users\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on locally\",\r\n \"description\": \"Specifies which users or groups can interactively log on to the computer. 
Users who attempt to log on via Remote Desktop Connection or IIS also require this user right.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance.\"\r\n },\r\n \"defaultValue\": \"Administrators, Remote Desktop Users\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied access to this computer from the network\",\r\n \"description\": \"Specifies which users or groups are explicitly prohibited from connecting to the computer across the network.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may manage auditing and security log\",\r\n \"description\": \"Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may back up files and directories\",\r\n \"description\": \"Specifies users and groups allowed to circumvent file and directory permissions to back up the system.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup Operators\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the system time\",\r\n \"description\": \"Specifies which users and groups are 
permitted to change the time and date on the internal clock of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the time zone\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time zone of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may create a token object\",\r\n \"description\": \"Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data.\"\r\n },\r\n \"defaultValue\": \"No One\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a batch job\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. 
scheduled task).\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a service\",\r\n \"description\": \"Specifies which service accounts are explicitly not permitted to register a process as a service.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied local logon\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"User and groups that may force shutdown from a remote system\",\r\n \"description\": \"Specifies which users and groups are permitted to shut down the computer from a remote location on the network.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may restore files and directories\",\r\n \"description\": \"Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup 
Operators\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may shut down the system\",\r\n \"description\": \"Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may take ownership of files or other objects\",\r\n \"description\": \"Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_UserRightsAssignment\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Access this computer from the network;ExpectedValue', '=', 
parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'), ',', 'Allow log on locally;ExpectedValue', '=', parameters('UsersOrGroupsThatMayLogOnLocally'), ',', 'Allow log on through Remote Desktop Services;ExpectedValue', '=', parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'), ',', 'Deny access to this computer from the network;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'), ',', 'Manage auditing and security log;ExpectedValue', '=', parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog'), ',', 'Back up files and directories;ExpectedValue', '=', parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories'), ',', 'Change the system time;ExpectedValue', '=', parameters('UsersOrGroupsThatMayChangeTheSystemTime'), ',', 'Change the time zone;ExpectedValue', '=', parameters('UsersOrGroupsThatMayChangeTheTimeZone'), ',', 'Create a token object;ExpectedValue', '=', parameters('UsersOrGroupsThatMayCreateATokenObject'), ',', 'Deny log on as a batch job;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'), ',', 'Deny log on as a service;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService'), ',', 'Deny log on locally;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLocalLogon'), ',', 'Deny log on through Remote Desktop Services;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'), ',', 'Force shutdown from a remote system;ExpectedValue', '=', parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem'), ',', 'Restore files and directories;ExpectedValue', '=', parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories'), ',', 'Shut down the system;ExpectedValue', '=', parameters('UsersAndGroupsThatMayShutDownTheSystem'), ',', 'Take ownership of files or other objects;ExpectedValue', '=', parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')))]\"\r\n },\r\n 
\"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_UserRightsAssignment\"\r\n },\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"value\": 
\"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"string\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Access this computer from the network;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n {\r\n \"name\": \"Allow log on locally;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n {\r\n \"name\": \"Allow log on through Remote Desktop Services;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n {\r\n \"name\": \"Deny access to this computer from the network;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n {\r\n \"name\": \"Manage auditing and security log;ExpectedValue\",\r\n \"value\": 
\"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n {\r\n \"name\": \"Back up files and directories;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n {\r\n \"name\": \"Change the system time;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n {\r\n \"name\": \"Change the time zone;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n {\r\n \"name\": \"Create a token object;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on as a batch job;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on as a service;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on locally;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on through Remote Desktop Services;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n {\r\n \"name\": \"Force shutdown from a remote system;ExpectedValue\",\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n {\r\n \"name\": \"Restore files and directories;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n {\r\n \"name\": \"Shut down the system;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n {\r\n \"name\": \"Take ownership of files or other objects;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": 
\"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"815dcc9f-6662-43f2-9a03-1b83e9876f24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1308 - Identification And Authentication (Org. 
Users) | Remote Access - Separate Device\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"81817e1c-5347-48dd-965a-40159d008229\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1287 - Information System Backup\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"819dc6da-289d-476e-8500-7e341ef8677d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"81f11e32-a293-4a58-82cd-134af52e2318\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for MySQL\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure Database for MySQL with geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforMySQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"82339799-d096-41ae-8538-b108becf0970\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1168 - Continuous Monitoring | Independent Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"82409f9e-1f32-4775-bf07-b99d53a91b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1448 - Physical Access Authorizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"825d6494-e583-42f2-a3f2-6458e6f0004f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1452 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"82c76455-4d3f-4e09-a654-22e592107e74\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1262 - Contingency Plan Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": 
{\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"831e510e-db41-4c72-888e-a0621ab62265\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1008 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8356cfc6-507a-4d20-b818-08038011cd07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Event Hub should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network interfaces should not have public IPs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a86a26-fd1f-447c-b59d-e51f44264114\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1382 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"841392b3-40da-4473-b328-4cde49db67b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1098 - Security Training Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"84363adb-dde3-411a-9fc1-36b56737f822\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that '.Net Framework' version is the latest, if used as a part of the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. 
Using the latest .Net framework version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.netFrameworkVersion\",\r\n \"in\": [\r\n \"v3.0\",\r\n \"v4.0\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"843664e0-7563-41ee-a9cb-7522c382d2c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review And Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"845f6359-b764-4b40-b579-657aefe23c44\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1024 - Account Management | Account Monitoring / Atypical Usage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"84914fb4-12da-4c53-a341-a9fd463bed10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1307 - Identification And Authentication (Org. Users) | Net. Access To Non-Priv. Accts. 
- Replay\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"84e622c8-4bed-417c-84c6-b2fb0dd73682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1080 - Use Of External Information Systems | Portable Storage Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"852981b4-a380-4704-aa1e-2e52d63445e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1580 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"854db8ac-6adf-42a0-bef3-b73f764f40b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1348 - Identification And Authentication (Non-Org. 
Users) | Acceptance Of Third-Party Credentials\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"85c32733-7d23-4948-88da-058e2c56b60f\"\r\n },\r\n {\r\n \"properties\": 
{\r\n \"displayName\": \"Microsoft Managed Control 1326 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8605fc00-1bf5-4fb3-984e-c95cec4f231d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Microsoft Network Server'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Server'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkServer\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": 
\"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86880e5c-df35-43c5-95ad-7e120635775e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"System updates should be installed on your machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n 
],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1507 - Personnel Security Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86ccd1bf-e7ad-4851-93ce-6ec817469c1e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that Register with Azure Active Directory is enabled on API app\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86d97760-d216-4d81-a3ad-163087b2b6c3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86dc819f-15e1-43f9-a271-41ae58d4cecc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1589 - External Information System Services | Risk Assessments / Organizational Approvals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86ec7f9b-9478-40ff-8cfd-6a0d510081a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1207 - Access Restrictions For Change | Limit Production / Operational Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8713a0ed-0d1e-4d10-be82-83dffb39830e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require specified tag\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enforces existence of a tag. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"871b6d14-10aa-478d-b590-94f262ecfa99\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy / Currency\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"874e7880-a067-42a7-bcbe-1a340f54c8cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1635 - Boundary Protection | Host-Based Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Administrative Templates - Control Panel'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an 
initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Control Panel'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"87b590fe-4a1d-4697-ae74-d4fe72ab786c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"87f7cd82-2e45-4d0f-9e2f-586b0962d142\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document / Verify\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"881299bf-2a5b-4686-a1b2-321d33679953\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1356 - Incident Response Training | Simulated Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n 
{\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8829f8f5-e8be-441e-85c9-85b72a5d0ef3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Linux VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 
'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": 
\"[base64(concat('[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent', '=', concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1317 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8877f519-c166-47b7-81b7-8a8eb4ff3775\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1501 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88817b58-8472-4f6c-81fa-58ce42b67f51\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Java version' is the latest, if used as a part of the Api app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Java either due to security flaws or to include additional functionality. Using the latest Python version for Api apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest Java version\",\r\n \"description\": \"Latest supported Java version for App Services\"\r\n },\r\n \"defaultValue\": \"11\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"JAVA\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"like\": \"[concat('*', parameters('JavaLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"like\": \"[concat(parameters('JavaLatestVersion'), '*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88999f4c-376a-45c8-bcb3-4058f713cf39\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network interfaces should disable IP forwarding\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. 
This should be reviewed by the network security team.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkInterfaces/enableIpForwarding\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88c0b9da-ce96-4b03-9635-f29a937e2900\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1215 - Least Functionality\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88fc93e8-4745-4785-b5a5-b44bb92c44ff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL servers should be configured with auditing retention days greater than 90 days.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL servers configured with an auditing retention period of less than 90 
days.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/retentionDays\",\r\n \"greater\": 90\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"89099bee-89e0-4b26-a5f4-165451757743\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1411 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"898d4fe8-f743-4333-86b7-0c9245d93e7d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1092 - Security Awareness Training | Insider Threat\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8a29d47b-8604-4667-84ef-90d203fcb305\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - System settings'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8a39d1f1-5513-4628-b261-f469a5a3341b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs with a pending reboot\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with a pending reboot. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPendingReboot\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8b0de57a-f511-4d45-a277-17cb79cb163b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1534 - Personnel Sanctions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8b2b263e-cd05-4488-bcbf-4debec7a17d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1170 - Penetration Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Windows Firewall Properties'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Firewall Properties'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsFirewallProperties\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8bbd627e-4d25-4906-9a6e-3789780af3ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'HTTP Version' is the latest, if used to run the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. 
When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.http20Enabled\",\r\n \"Equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8c122334-9d20-4eb8-89ea-ac9a705b74ae\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1458 - Physical Access Control | Information System Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1683 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8c79fee4-88dd-44ce-bbd4-4de88948c4f8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Latest TLS version should be used in your API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade to the latest TLS version\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1316 - Identifier Management | Identify User Status\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce14753-66e5-465d-9841-26ef55c09c0d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": 
\"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1324 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8cfea2b3-7f77-497e-ac20-0752f2ff6eee\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8d096fe0-f510-4486-8b4d-d17dc230980b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1288 - Information System Backup\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc459b3-0e77-45af-8d71-cfd8c9654fe2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1250 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8de614d8-a8b7-4f70-a62a-6d37089a002c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Object Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Object Access'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AuditDetailedFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Detailed File Share\",\r\n \"description\": \"If this policy setting is enabled, access to all shared files and folders on the system is audited. Auditing for Success can lead to very high volumes of events.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File Share\",\r\n \"description\": \"Specifies whether to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks. 
Event volumes can be high on DCs and File Servers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File System\",\r\n \"description\": \"Specifies whether audit events are generated when users attempt to access file system objects. Audit events are generated only for objects that have configured system access control lists (SACLs).\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Detailed File Share;ExpectedValue', '=', parameters('AuditDetailedFileShare'), ',', 'Audit File Share;ExpectedValue', '=', parameters('AuditFileShare'), ',', 'Audit File System;ExpectedValue', '=', parameters('AuditFileSystem')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n 
\"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesObjectAccess\"\r\n },\r\n \"AuditDetailedFileShare\": {\r\n \"value\": \"[parameters('AuditDetailedFileShare')]\"\r\n },\r\n \"AuditFileShare\": {\r\n \"value\": \"[parameters('AuditFileShare')]\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"value\": \"[parameters('AuditFileSystem')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditDetailedFileShare\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditFileShare\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Detailed File Share;ExpectedValue\",\r\n \"value\": \"[parameters('AuditDetailedFileShare')]\"\r\n },\r\n {\r\n \"name\": \"Audit File Share;ExpectedValue\",\r\n \"value\": \"[parameters('AuditFileShare')]\"\r\n },\r\n {\r\n \"name\": \"Audit File System;ExpectedValue\",\r\n \"value\": \"[parameters('AuditFileSystem')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e170edb-e0f5-497a-bb36-48b3280cec6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e5ef485-9e16-4c53-a475-fbb8107eac59\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1517 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8f5ad423-50d6-4617-b058-69908f5586c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1668 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8fb0966e-be1d-42c3-baca-60df5c0bcc61\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1013 - Account Management | Automated System Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8fd7b917-d83b-4379-af60-51e14e316c61\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1147 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8fef824a-29a8-4a4c-88fc-420a39c0d541\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not store passwords using reversible encryption. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": 
\"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n 
\"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1550 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": 
[\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"902908fb-25a8-4225-a3a5-5603c80066c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Windows Firewall Properties'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Firewall Properties'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n 
\"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": 
\"Windows Firewall (Private): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. 
The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Domain: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows 
Firewall: Private: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Public: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsFirewallProperties\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Windows Firewall: Domain: Firewall state;ExpectedValue', '=', parameters('WindowsFirewallDomainUseProfileSettings'), ',', 'Windows Firewall: Domain: Outbound connections;ExpectedValue', '=', parameters('WindowsFirewallDomainBehaviorForOutboundConnections'), ',', 'Windows Firewall: Domain: Settings: Apply local connection security 
rules;ExpectedValue', '=', parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules'), ',', 'Windows Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue', '=', parameters('WindowsFirewallDomainApplyLocalFirewallRules'), ',', 'Windows Firewall: Domain: Settings: Display a notification;ExpectedValue', '=', parameters('WindowsFirewallDomainDisplayNotifications'), ',', 'Windows Firewall: Private: Firewall state;ExpectedValue', '=', parameters('WindowsFirewallPrivateUseProfileSettings'), ',', 'Windows Firewall: Private: Outbound connections;ExpectedValue', '=', parameters('WindowsFirewallPrivateBehaviorForOutboundConnections'), ',', 'Windows Firewall: Private: Settings: Apply local connection security rules;ExpectedValue', '=', parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules'), ',', 'Windows Firewall: Private: Settings: Apply local firewall rules;ExpectedValue', '=', parameters('WindowsFirewallPrivateApplyLocalFirewallRules'), ',', 'Windows Firewall: Private: Settings: Display a notification;ExpectedValue', '=', parameters('WindowsFirewallPrivateDisplayNotifications'), ',', 'Windows Firewall: Public: Firewall state;ExpectedValue', '=', parameters('WindowsFirewallPublicUseProfileSettings'), ',', 'Windows Firewall: Public: Outbound connections;ExpectedValue', '=', parameters('WindowsFirewallPublicBehaviorForOutboundConnections'), ',', 'Windows Firewall: Public: Settings: Apply local connection security rules;ExpectedValue', '=', parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules'), ',', 'Windows Firewall: Public: Settings: Apply local firewall rules;ExpectedValue', '=', parameters('WindowsFirewallPublicApplyLocalFirewallRules'), ',', 'Windows Firewall: Public: Settings: Display a notification;ExpectedValue', '=', parameters('WindowsFirewallPublicDisplayNotifications'), ',', 'Windows Firewall: Domain: Allow unicast response;ExpectedValue', '=', parameters('WindowsFirewallDomainAllowUnicastResponse'), ',', 
'Windows Firewall: Private: Allow unicast response;ExpectedValue', '=', parameters('WindowsFirewallPrivateAllowUnicastResponse'), ',', 'Windows Firewall: Public: Allow unicast response;ExpectedValue', '=', parameters('WindowsFirewallPublicAllowUnicastResponse')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_WindowsFirewallProperties\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"value\": 
\"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": 
\"string\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Windows Firewall: Domain: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Outbound connections;ExpectedValue\",\r\n \"value\": 
\"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Outbound connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Outbound connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Apply 
local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n 
\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"909c958d-1b99-4c74-b88f-46a5c5bc34f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90b60a09-133d-45bc-86ef-b206a6134bbe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified Windows PowerShell modules installed. 
It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"Modules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Modules\",\r\n \"description\": \"A semicolon-separated list of the names of the PowerShell modules that should be installed. You may also specify a specific version of a module that should be installed by including a comma after the module name, followed by the desired version. e.g. PSDscResources; SqlServerDsc, 12.0.0.0; ComputerManagementDsc, 6.1.0.0\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPowerShellModules\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[PowerShellModules]PowerShellModules1;Modules', '=', parameters('Modules')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsPowerShellModules\"\r\n },\r\n \"Modules\": {\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"Modules\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellModules]PowerShellModules1;Modules\",\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellModules]PowerShellModules1;Modules\",\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"90ba2ee7-4ca8-4673-84d1-c851c50d3baf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit Trail\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90d8b8ad-8ee3-4db7-913f-2a53fcff5316\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1355 - Incident Response Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90e01f69-3074-4de8-ade7-0fef3e7d83e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90f01329-a100-43c2-af31-098996135d2b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Windows Components'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsComponents\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9178b430-2295-406e-bb28-f6a7a2a2f897\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1069 - Wireless Access | Authentication And Encryption\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"91c97b44-791e-46e9-bad7-ab7c4949edbb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"924e1b2d-c502-478f-bfdb-a7e09a0d5c01\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MFA should be enabled accounts with write permissions on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n 
}\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1290 - Information System Backup\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"92f85ce9-17b7-49ea-85ee-ea7271ea6b82\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that contain certificates expiring within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should 
only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"CertificateExpiration\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9328f27e-611e-44a7-a244-39109d7d35ab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain all of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration 
assignment to audit Windows virtual machines in which the Administrators group does not contain all of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToInclude\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LocalGroup]AdministratorsGroup;MembersToInclude', '=', parameters('MembersToInclude')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AdministratorsGroupMembersToInclude\"\r\n },\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MembersToInclude\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToInclude\",\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToInclude\",\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93507a81-10a4-4af0-9ee2-34cf25a96e98\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1575 - Acquisition Process | Functional Properties Of Security Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93e9e233-dd0a-4bde-aea5-1371bce0e002\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93fd8af1-c161-4bae-9ba9-f62731f76439\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"942b3e97-6ae3-410e-a794-c9c999b97c0b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1379 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9442dd2c-a07f-46cd-b55a-553b66ba47ca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1371 - Incident Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": 
{\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9447f354-2c85-4700-93b3-ecdc6cb6a417\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1526 - Access Agreements\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"953e6261-a05a-44fd-8246-000e1a3edbb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1163 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"961663a1-8a91-4e59-b6f5-1eee57c0f49c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require specified tag on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces existence of a tag on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"96670d01-0a4d-4649-9c89-2d3abc0a5025\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1717 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced data security settings for SQL server should contain an email address to receive security alerts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Ensure that an email address is provided for the 'Send alerts to' field in the Advanced Data Security server settings. 
This email address receives alert notifications when anomalous activities are detected on SQL servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9677b740-f641-4f3c-b9c5-466005c85278\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1453 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9693b564-3008-42bc-9d5d-9c7fe198c011\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Adminstrative Templates - MSS (Legacy)'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Adminstrative Templates - MSS (Legacy)'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97646672-5efa-4622-9b54-740270ad60bf\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic Code Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"976a74cf-b192-4d35-8cab-2068f272addb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Policy Change'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Policy Change'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authentication Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authorization Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n 
\"name\": \"AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Authentication Policy Change;ExpectedValue', '=', parameters('AuditAuthenticationPolicyChange'), ',', 'Audit Authorization Policy Change;ExpectedValue', '=', parameters('AuditAuthorizationPolicyChange')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesPolicyChange\"\r\n },\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthenticationPolicyChange')]\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthorizationPolicyChange')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n 
\"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Authentication Policy Change;ExpectedValue\",\r\n \"value\": \"[parameters('AuditAuthenticationPolicyChange')]\"\r\n },\r\n {\r\n \"name\": \"Audit Authorization Policy Change;ExpectedValue\",\r\n \"value\": \"[parameters('AuditAuthorizationPolicyChange')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97b595c8-fd10-400e-8543-28e2b9138b13\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1136 - Audit Record Retention\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97ed5bac-a92f-4f6d-a8ed-dc094723597c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1378 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97fceb70-6983-42d0-9331-18ad8253184d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, 
South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Administrative Templates - Network'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Network'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable insecure guest logons\",\r\n \"description\": \"Specifies whether the SMB client will allow insecure guest logons to an SMB server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow simultaneous connections to the Internet or a Windows Domain\",\r\n \"description\": \"Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. A value of 0 allows simultaneous connections, and a value of 1 blocks them.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off multicast name resolution\",\r\n \"description\": \"Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Enable insecure guest logons;ExpectedValue', '=', parameters('EnableInsecureGuestLogons'), ',', 'Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue', '=', parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'), ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_AdministrativeTemplatesNetwork\"\r\n },\r\n \"EnableInsecureGuestLogons\": {\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"TurnOffMulticastNameResolution\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Enable insecure guest logons;ExpectedValue\",\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n {\r\n \"name\": \"Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue\",\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n {\r\n \"name\": \"Turn off multicast name resolution;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n 
\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985285b7-b97a-419c-8d48-c88cc934c8d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1076 - Use Of External Information Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"98a4bd5f-6436-46d4-ad00-930b5b1dfed4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'HTTP Version' is the latest, if used to run the Api app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. 
Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.http20Enabled\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"991310cd-e9f3-47bc-b7b6-f57b557d07db\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1102 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9943c16a-c54c-4b4a-ad28-bfd938cdbf57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"99deec7d-5526-472e-b07c-3645a792026a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"FTPS only should be required in your API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/ftpsState\",\r\n \"equals\": \"FtpsOnly\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a1b8c48-453a-4044-86c3-d8bfd823e4f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1021 - Account Management | Restrictions On Use Of Shared / Group Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n 
\"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a3eb0a3-428d-4669-baff-20a14eb4b551\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Azure SQL Database to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Azure SQL Database to stream to a regional Event Hub on any Azure SQL Database which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n 
\"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('fullName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"QueryStoreRuntimeStatistics\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"QueryStoreWaitStatistics\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Errors\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"DatabaseWaitStatistics\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Blocks\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"SQLInsights\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"SQLSecurityAuditEvents\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Timeouts\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AutomaticTuning\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Deadlocks\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n 
}\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled diagnostic settings for ', parameters('fullName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"fullName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a7c7a7d-49e5-4213-bea8-6a502b6272e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1049 - System Use Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9adf7ba7-900a-4f35-8d57-9f34aafc405c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed 
Control 1563 - Allocation Of Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9afe2edf-232c-4fdf-8e6a-e867a5c525fd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1462 - Monitoring Physical Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft IaaSAntimalware extension should be deployed on Windows servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9b597639-28e4-48eb-b506-56b05d366257\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1236 - Software Usage Restrictions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ba3ed84-c768-4e18-b87c-34ef1aff1b57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1525 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9be2f688-7a61-45e3-8230-e1ec93893f66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1138 - Audit Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9c284fc0-268a-4f29-af44-3c126674edb4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1135 - Non-Repudiation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9c308b6b-2429-4b97-86cf-081b8e737b04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1489 - Location Of Information System Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d0a794f-1444-4c96-9534-e35fc8c39c91\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Java version' is the latest, if used as a part of the Funtion app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. 
Using the latest Java version for Function apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest Java version\",\r\n \"description\": \"Latest supported Java version for App Services\"\r\n },\r\n \"defaultValue\": \"11\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"JAVA\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"like\": \"[concat('*', parameters('JavaLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"like\": \"[concat(parameters('JavaLatestVersion'), '*')]\"\r\n }\r\n ]\r\n 
}\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1322 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d1d971e-467e-4278-9633-c74c3d4fecc4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1233 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d79001f-95fe-45d0-8736-f217e78c1f57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1305 - Identification And Authentication (Org. Users) | Group Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d9166a8-1722-4b8f-847c-2cf3f2618b3d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1259 - Contingency Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d9e18f7-bad9-4d30-8806-a0c9d5e26208\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access through Internet facing endpoint should be restricted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure Security center has identified some of your Network Security Groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to easily target your resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1500 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1482 - Temperature And Humidity Controls | Monitoring With Alarms / Notifications\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"9df4277e-8c88-4d5c-9b1a-541d53d15d7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1490 - Security Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e61da80-0957-4892-b70c-609d5eaafb6b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1504 - Information Security Architecture\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e7c35d0-12d4-4e0c-80a2-8a352537aefd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1609 - Development Process, Standards, And Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e93fa71-42ac-41a7-b177-efbfdc53c69f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append tag and its value from the resource group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Appends the specified tag with its value from the resource group when any resource which is missing this tag is created or updated. Does not modify the tags of resources created before this policy was applied until those resources are changed. New 'modify' effect policies are available that support remediation of tags on existing resources (see https://aka.ms/modifydoc).\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\",\r\n \"notEquals\": \"\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1494 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ed09d84-3311-4853-8b67-2b55dfa33d09\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1514 - Personnel Screening | Information With Special Protection Measures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ed5ca00-0e43-434e-a018-7aab91461ba7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1187 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9f2b2f9e-4ba6-46c3-907f-66db138b6f85\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that are not set to the specified time zone\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not set to the specified time zone. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsTimeZone\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9f658460-46b7-43af-8565-94fc0662be38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1354 - Incident Response Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9fd92c17-163a-4511-bb96-bbb476449796\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which the Log Analytics agent is not connected as expected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"WindowsLogAnalyticsAgentConnection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1145 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a0724970-9c75-4a64-a225-a28002953f28\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy. Only resource types that support 'tags' and 'location' will be affected by this policy. 
To restrict all resources please duplicate this policy and change the 'mode' to 'All'.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1245 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a0e45314-57b8-4623-80cd-bbb561f59516\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1406 - Maintenance Tools | Inspect Media\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Security Center standard pricing tier should be selected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The standard pricing tier enables threat detection for networks and virtual machines, providing threat intelligence, anomaly detection, and behavior analytics in Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Security/pricings\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Security/pricings/pricingTier\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Security/pricings/pricingTier\",\r\n \"notEquals\": \"Standard\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1181c5f-672a-477a-979a-7d58aa086233\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a18adb5b-1db6-4a5b-901a-7d3797d12972\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Logic Apps to stream to a regional Event Hub when any Logic Apps which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure 
Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": 
{\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Logic/workflows/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"WorkflowRuntime\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1dae6c7-13f3-48ea-a149-ff8442661f60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs 
configurations in 'Administrative Templates - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - System'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n 
]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1e8dda3-9fd2-4835-aec3-0e55531fde33\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1612 - Developer Security Architecture And Design\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2037b3d-8b04-4171-8610-e6d4f1d08db5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1197 - Configuration Change Control | Test / Validate / Document Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a20d2eaa-88e2-4907-96a2-8f3a05797e5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a23d9d53-ad2e-45ef-afd5-e6d10900a737\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2567a23-d1c3-4783-99f3-d471302a4d6b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2596a9f-e59f-420d-9625-6e0b536348be\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1059 - Remote Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a29b5d9f-4953-4afe-b560-203a6410b6b4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that are not joined to the specified domain\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n 
\"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDomainMembership\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a29ee95c-0395-4515-9851-cc04ffe82a91\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1532 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": 
\"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2c66299-9017-4d95-8040-8bdbf7901d52\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2cdf6b8-9505-4619-b579-309ba72037ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency 
Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1238 - User-Installed Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a450eba6-2efc-4a00-846a-5804a93c6b77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. 
Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web Application should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": 
\"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a4af4a39-4135-47fb-b175-47fbdf85311d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1617 - Application Partitioning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Auditing should be enabled on advanced data security settings on SQL Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Auditing tracks database events and writes them to an audit log in the Azure storage account. 
It also helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"The Log Analytics agent should be installed on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows/Linux virtual machines if the Log Analytics agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or 
disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"in\": [\r\n \"MicrosoftMonitoringAgent\",\r\n \"OmsAgentForLinux\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a70ca396-0a34-413a-88e1-b956c1e683be\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1431 - Media Storage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7173c52-2b99-4696-a576-63dd5f970ef4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management | Availability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7211477-c970-446b-b4af-062f37461147\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1027 - Access Enforcement\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"DDoS Protection Standard should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1570 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services 
Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7fcf38d-bb09-4600-be7d-825046eb162a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1295 - Information System Recovery And Reconstitution\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a895fbdb-204d-4302-9689-0a59dc42b3d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated] Monitor unencrypted SQL databases in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL databases will be monitored by Azure Security Center as recommendations. This policy is deprecated and replaced by the following policy: Transparent Data Encryption on SQL databases should be enabled'\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n 
}\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9172e76-7f56-46e9-93bf-75d69bdb5491\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1400 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a96d5098-a604-4cdf-90b1-ef6449a27424\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a96f743d-a195-420d-983a-08aa06bc441e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n 
{\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9a08d1c-09b1-48f1-90ea-029bbdf7111e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Detailed Tracking'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9a33475-481d-4b81-9116-0bf02ffe67e8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWatcher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1511 - Personnel Screening\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9eae324-d327-4539-9293-b48e122465f8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MFA should be enabled on accounts with owner permissions on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n 
\"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that Register with Azure Active Directory is enabled on WEB App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1539 - Security Categorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aabb155f-e7a5-4896-a767-e918bfae2ee0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1006 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aae8d54c-4bce-4c04-b3aa-5b65b67caac8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1461 - Monitoring Physical Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aafef03e-fea8-470b-88fa-54bd1fcd7064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1073 - Access Control For Mobile Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'PHP version' is the latest, if used as a part of the Function app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for Function apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest PHP version\",\r\n \"description\": \"Latest supported PHP version for App Services\"\r\n },\r\n \"defaultValue\": \"7.3\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PHP\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": 
\"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PHP|', parameters('PHPLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"[parameters('PHPLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ab965db2-d2bf-4b64-8b39-c38ec8179461\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. 
Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1323 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abe8f70b-680f-470c-9b86-a7edfb664ecc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Advanced data security should be enabled on your SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL servers without Advanced Data Security\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/state\",\r\n \"equals\": \"Enabled\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced data security should be enabled on your SQL managed instances\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL managed instances without Advanced Data Security\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/state\",\r\n \"equals\": \"Enabled\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac43352f-df83-4694-8738-cfce549fd08d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Role-Based Access Control (RBAC) should be used on Kubernetes Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"To provide granular filtering on the actions that users can perform, use Role-Based Access Control (RBAC) to manage permissions in 
Kubernetes Service Clusters and configure relevant authorization policies.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enableRBAC\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enableRBAC\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"Tags\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags['environment']\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1569 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1454 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ad58985d-ab32-4f99-8bd3-b7e134c90229\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1025 - Account Management | Account Monitoring / Atypical Usage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"adfe020d-0a97-45f4-a39c-696ef99f3a95\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1272 - Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL Server should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any SQL Server not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ae5d2f14-d830-42b6-9899-df6cfe9c71a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1598 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL managed instance advanced data security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that 'email notification to admins and subscription owners' is enabled in the SQL managed instance advanced threat protection settings. 
This ensures that any detections of anomalous activities on SQL managed instance are reported as soon as possible to the admins.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb23562-188d-47cb-80b8-551f16ef9fff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1413 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeedddb6-6bc0-42d5-809b-80048033419d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1710 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated] Monitor unaudited SQL servers in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers which don't have SQL auditing turned on will be monitored by Azure Security Center as recommendations. 
This policy is deprecated and replaced by the following policy: 'Auditing should be enabled on advanced data security settings on SQL Server'\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"afbd0baf-ff1a-4447-a86f-088a97347c0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1725 - Error Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"afc234b5-456b-4aa5-b3e2-ce89108124cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Activity log should be retained for at least one year\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits the activity log if the retention is not set for 365 days or forever (retention days set to 0).\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n 
}\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logProfiles\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.days\",\r\n \"equals\": \"365\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.enabled\",\r\n \"equals\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b02aacc0-b073-424e-8298-42b22829ee0a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1429 - Media Marking\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b07c9b24-729e-4e85-95fc-f224d2d08a80\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1711 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b083a535-a66a-41ec-ba7f-f9498bf67cde\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Just-In-Time network access control should be applied on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": 
\"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1571 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b11c985b-f2cd-4bd7-85f4-b52426edf905\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Linux VMs that do not have the passwd file permissions set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Linux virtual machines that do not have the passwd file permissions set to 0644. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n 
\"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b19454ca-0d70-42c0-acf5-ea1c1e5726d1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1091 - Security Awareness Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1078 - Use Of External Information Systems | Limits On Authorized Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b25faf85-8a16-4f28-8e15-d05c0072d64d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1009 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b26f8610-e615-47c2-abd6-c00b2b0b503a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1234 - Software Usage Restrictions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b293f881-361c-47ed-b997-bc4e2296bc0b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1107 - Content Of Audit Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b29ed931-8e21-4779-8458-27916122a904\"\r\n },\r\n 
{\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows web servers that are not using secure communication protocols\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"MinimumTLSVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum TLS version\",\r\n \"description\": \"The minimum TLS protocol version that should be enabled. 
Windows web servers with lower TLS versions will be marked as non-compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"1.1\",\r\n \"1.2\"\r\n ],\r\n \"defaultValue\": \"1.1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', '=', parameters('MinimumTLSVersion')))]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"value\": \"[parameters('MinimumTLSVersion')]\",\r\n \"equals\": \"1.1\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": 
\"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n },\r\n \"MinimumTLSVersion\": {\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MinimumTLSVersion\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[SecureWebServer]s1;MinimumTLSVersion\",\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": 
\"[SecureWebServer]s1;MinimumTLSVersion\",\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b3802d79-dd88-4bce-b81d-780218e48280\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b3d8d15b-627a-4219-8c96-4d16f788888b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1380 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4319b7e-ea8d-42ff-8a67-ccd462972827\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Search services should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1172 - Internal System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b43e946e-a4c8-4b92-8201-4a39331db43c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1672 - Flaw Remediation | Central Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b45fe972-904e-45a4-ac20-673ba027a301\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1131 - Protection Of Audit Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b472a17e-c2bc-493f-b50b-42d55a346962\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. 
Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A security contact phone number should be provided for your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enter a phone number to receive notifications when Azure Security Center detects compromised resources\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n 
\"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/phone\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4d66858-c922-44e3-9566-5cdb7a7be744\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4f9b47a-2116-4e6f-88db-4edbf22753f1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Service Fabric clusters should only use Azure Active Directory for client authentication\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Advanced Threat Protection for Cosmos DB Accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables Advanced Threat Protection across Cosmos DB accounts.\",\r\n \"metadata\": {\r\n \"category\": \"Cosmos DB\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n 
},\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/advancedThreatProtectionSettings\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/advancedThreatProtectionSettings/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"cosmosDbAccountName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2019-01-01\",\r\n \"type\": \"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings\",\r\n \"name\": \"[concat(parameters('cosmosDbAccountName'), '/Microsoft.Security/current')]\",\r\n \"properties\": {\r\n \"isEnabled\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"cosmosDbAccountName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b5f04e03-92a3-4b09-9410-2cc5e5047656\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in App Services should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. 
This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"notContains\": \"functionapp\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6747bf9-2b97-45b8-b162-3c8becb9937d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1301 - Identification And Authentication (Org. Users) | Network Access To Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1568 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6a8eae8-9854-495a-ac82-d2cd3eac02a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network Watcher should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. 
Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights to your network in Azure.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"listOfLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Locations\",\r\n \"description\": \"Audit if Network Watcher is not enabled for region(s).\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"NetworkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1608 - Supply Chain Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1401 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b78ee928-e3c1-4569-ad97-9f8c4b629847\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b7ddfbdc-1260-477d-91fd-98bd9be789a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain only the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group does not contain only the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"Members\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members\",\r\n \"description\": \"A semicolon-separated list of all the expected members of the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembers\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LocalGroup]AdministratorsGroup;Members', '=', parameters('Members')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AdministratorsGroupMembers\"\r\n },\r\n \"Members\": {\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n 
\"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"Members\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;Members\",\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;Members\",\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n 
{\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b821191b-3a12-44bc-9c38-212138a29ff3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Accounts'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Accounts'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b872a447-cc6f-43b9-bccf-45703cd81607\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Logic Apps to stream to a regional Log Analytics workspace when any Logic Apps which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n 
\"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n 
\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Logic/workflows/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"WorkflowRuntime\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": 
{\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b889a06c-ec72-4b03-910a-cb169ee18721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1257 - Contingency Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b958b241-4245-4bd6-bd2d-b8f0779fb543\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1186 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b95ba3bd-4ded-49ea-9d10-c6f4b680813d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1447 - Physical Access Authorizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9783a99-98fe-4a95-873f-29613309fe9a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1625 - Boundary Protection | Access Points\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n 
]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9b66a4d-70a1-4b47-8fa1-289cec68c605\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1610 - Development Process, Standards, And Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9f3fb54-4222-46a1-a308-4874061f8491\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Recovery console'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Recovery console'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ba12366f-f9a6-42b8-9d98-157d0b1a837b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": 
{\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1726 - Information Handling And Retention\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"baff1279-05e0-4463-9a70-8ba5de4c7aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1166 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1188 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb20548a-c926-4e4d-855c-bcddc6faf95e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1533 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Client'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB client component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Send unencrypted password to third-party SMB servers\",\r\n \"description\": \"Specifies whether the SMB redirector will send plaintext passwords during authentication to third-party SMB servers that do not support password encryption. 
It is recommended that you disable this policy setting unless there is a strong business case to enable it.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Amount of idle time required before suspending session\",\r\n \"description\": \"Specifies the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,15\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB server component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Disconnect clients when logon hours expire\",\r\n \"description\": \"Specifies whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. 
If you enable this policy setting you should also enable 'Network security: Force logoff when logon hours expire'\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Microsoft network client: Digitally sign communications (always);ExpectedValue', '=', parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways'), ',', 'Microsoft network client: Send unencrypted password to third-party SMB servers;ExpectedValue', '=', parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'), ',', 'Microsoft network server: Amount of idle time required before suspending session;ExpectedValue', '=', parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'), ',', 'Microsoft network server: Digitally sign communications (always);ExpectedValue', '=', parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways'), ',', 'Microsoft network server: Disconnect clients when logon hours expire;ExpectedValue', '=', parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')))]\"\r\n },\r\n 
\"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkClient\"\r\n },\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Microsoft network client: Digitally sign communications (always);ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network client: Send unencrypted password to third-party SMB servers;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Amount of idle time required before suspending session;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Digitally sign communications (always);ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Disconnect clients when logon hours expire;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n 
\"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bbcdd8fa-b600-4ee3-85b8-d184e3339652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. 
Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1194 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc34667f-397e-4a65-9b72-d0358f0b6b09\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1095 - Role-Based Security Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc3f6f7a-057b-433e-9834-e8c97b0194f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Account Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Logon'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc87d811-4a9b-47cc-ae54-0a41abda7768\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1427 - Media Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc90e44f-d83f-4bdf-900f-3d5eb4111b31\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1351 - Incident Response Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1050 - Concurrent Session Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bd20184c-b4ec-4ce5-8db6-6e86352d183f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: IP Forwarding on your virtual machine should be disabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enabling IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations. IP forwarding is rarely required (e.g., when using the VM as a network virtual appliance), and therefore, this should be reviewed by the network security team.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"disableIPForwarding\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bd352bd5-2853-4985-bf0d-73806b4a5744\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced Threat Protection 
types should be set to 'All' in SQL managed instance Advanced Data Security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\r\n \"equals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bda18df3-5e41-4709-add9-2554ce68c966\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs in which the Administrators group contains any of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group contains any of the specified members. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToExclude\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bde62c94-ccca-4821-a815-92c1d31a76de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. 
Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1360 - Incident Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be5b05e7-0b82-4ebc-9eda-25e447b1a41e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a regional Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n 
\"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bef3f64c-5290-43b7-85b0-9b254eef4c47\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1152 - System Interconnections\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant storage should be enabled for Storage Accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Storage Account with geo-redundant storage not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": [\r\n \"Standard_GRS\",\r\n \"Standard_RAGRS\",\r\n \"Standard_GZRS\",\r\n \"Standard_RAGZRS\"\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bf045164-79ba-4215-8f95-f8048dc1780b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bf6850fe-abba-468e-9ef4-d09ec7d983cd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AuditGroupMembership\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Group Membership\",\r\n \"description\": \"Specifies whether audit events are generated when group memberships are enumerated on the client computer.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n 
\"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Group Membership;ExpectedValue', '=', parameters('AuditGroupMembership')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesLogonLogoff\"\r\n },\r\n \"AuditGroupMembership\": {\r\n \"value\": \"[parameters('AuditGroupMembership')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditGroupMembership\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n 
\"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Group Membership;ExpectedValue\",\r\n \"value\": \"[parameters('AuditGroupMembership')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c04255ee-1b9f-42c1-abaa-bf1553f79930\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Only approved VM extensions should be installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy governs the virtual machine extensions that are not approved.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n 
\"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"approvedExtensions\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of approved extension types that can be installed. Example: AzureDiskEncryption\",\r\n \"displayName\": \"Approved extensions\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"notIn\": \"[parameters('approvedExtensions')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0e996f8-39cf-4af9-9f45-83fbde810432\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1124 - Audit Reduction And Report Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c10152dd-78f8-4335-ae2d-ad92cc028da4\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1676 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1719 - Spam Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c13da9b4-fe14-4fe2-853a-5997c9d4215a\"\r\n },\r\n {\r\n \"properties\": 
{\r\n \"displayName\": \"Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c158eb1c-ae7e-4081-8057-d527140c4e0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy associations for a custom provider\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys an association resource that associates selected resource types to the specified custom provider. 
This policy deployment does not support nested resource types.\",\r\n \"metadata\": {\r\n \"category\": \"Custom Provider\"\r\n },\r\n \"parameters\": {\r\n \"targetCustomProviderId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Custom provider Id\",\r\n \"description\": \"Resource ID of the Custom provider to which resources need to be associated.\"\r\n }\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource types to associate\",\r\n \"description\": \"The list of resource types to be associated to the custom provider.\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n },\r\n \"associationNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Association name prefix\",\r\n \"description\": \"Prefix to be added to the name of the association resource being created.\"\r\n },\r\n \"defaultValue\": \"DeployedByPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('resourceTypesToAssociate')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.CustomProviders/Associations\",\r\n \"name\": \"[concat(parameters('associationNamePrefix'), '-', uniqueString(parameters('targetCustomProviderId')))]\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"associatedResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"string\"\r\n },\r\n \"targetCustomProviderId\": {\r\n \"type\": \"string\"\r\n },\r\n \"associationNamePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n 
},\r\n \"variables\": {\r\n \"resourceType\": \"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\r\n \"resourceName\": \"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetCustomProviderId')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[concat(deployment().Name, '-2')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"type\": \"[variables('resourceType')]\",\r\n \"name\": \"[variables('resourceName')]\",\r\n \"apiVersion\": \"2018-09-01-preview\",\r\n \"properties\": {\r\n \"targetResourceId\": \"[parameters('targetCustomProviderId')]\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceTypesToAssociate\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"associatedResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"targetCustomProviderId\": {\r\n \"value\": \"[parameters('targetCustomProviderId')]\"\r\n },\r\n \"associationNamePrefix\": {\r\n \"value\": \"[parameters('associationNamePrefix')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1629 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": 
\"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c171b095-7756-41de-8644-a062a96043f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1004 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c17822dc-736f-4eb4-a97d-e6be662ff835\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, 
Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Account Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Logon'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AuditCredentialValidation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Credential Validation\",\r\n \"description\": \"Specifies whether audit events are generated when credentials are submitted for a user account logon request. 
This setting is especially useful for monitoring unsuccessful attempts, to find brute-force attacks, account enumeration, and potential account compromise events on domain controllers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success and Failure\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Credential Validation;ExpectedValue', '=', parameters('AuditCredentialValidation')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesAccountLogon\"\r\n },\r\n \"AuditCredentialValidation\": {\r\n \"value\": \"[parameters('AuditCredentialValidation')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n 
\"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditCredentialValidation\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Credential Validation;ExpectedValue\",\r\n \"value\": \"[parameters('AuditCredentialValidation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1e289c0-ffad-475d-a924-adc058765d65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1503 - Information Security Architecture\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that are not set to the specified time zone\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that are not set to the specified time zone. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time zone\",\r\n \"description\": \"The expected time zone\"\r\n },\r\n \"allowedValues\": [\r\n \"(UTC-12:00) International Date Line West\",\r\n \"(UTC-11:00) Coordinated Universal Time-11\",\r\n \"(UTC-10:00) Aleutian Islands\",\r\n \"(UTC-10:00) Hawaii\",\r\n \"(UTC-09:30) Marquesas Islands\",\r\n \"(UTC-09:00) Alaska\",\r\n \"(UTC-09:00) Coordinated Universal Time-09\",\r\n \"(UTC-08:00) Baja California\",\r\n \"(UTC-08:00) Coordinated Universal Time-08\",\r\n \"(UTC-08:00) Pacific Time (US & Canada)\",\r\n \"(UTC-07:00) Arizona\",\r\n \"(UTC-07:00) Chihuahua, La Paz, Mazatlan\",\r\n \"(UTC-07:00) Mountain Time (US & Canada)\",\r\n \"(UTC-06:00) Central America\",\r\n \"(UTC-06:00) Central Time (US & Canada)\",\r\n \"(UTC-06:00) Easter Island\",\r\n \"(UTC-06:00) Guadalajara, Mexico City, Monterrey\",\r\n \"(UTC-06:00) Saskatchewan\",\r\n \"(UTC-05:00) Bogota, Lima, Quito, Rio Branco\",\r\n \"(UTC-05:00) Chetumal\",\r\n \"(UTC-05:00) Eastern Time (US & Canada)\",\r\n \"(UTC-05:00) Haiti\",\r\n \"(UTC-05:00) Havana\",\r\n \"(UTC-05:00) Indiana (East)\",\r\n \"(UTC-05:00) Turks and Caicos\",\r\n \"(UTC-04:00) Asuncion\",\r\n \"(UTC-04:00) Atlantic Time (Canada)\",\r\n \"(UTC-04:00) Caracas\",\r\n \"(UTC-04:00) Cuiaba\",\r\n \"(UTC-04:00) Georgetown, La Paz, Manaus, San Juan\",\r\n \"(UTC-04:00) Santiago\",\r\n \"(UTC-03:30) Newfoundland\",\r\n \"(UTC-03:00) Araguaina\",\r\n \"(UTC-03:00) Brasilia\",\r\n \"(UTC-03:00) Cayenne, Fortaleza\",\r\n \"(UTC-03:00) City of Buenos Aires\",\r\n \"(UTC-03:00) Greenland\",\r\n \"(UTC-03:00) Montevideo\",\r\n \"(UTC-03:00) Punta Arenas\",\r\n \"(UTC-03:00) Saint Pierre and Miquelon\",\r\n 
\"(UTC-03:00) Salvador\",\r\n \"(UTC-02:00) Coordinated Universal Time-02\",\r\n \"(UTC-02:00) Mid-Atlantic - Old\",\r\n \"(UTC-01:00) Azores\",\r\n \"(UTC-01:00) Cabo Verde Is.\",\r\n \"(UTC) Coordinated Universal Time\",\r\n \"(UTC+00:00) Dublin, Edinburgh, Lisbon, London\",\r\n \"(UTC+00:00) Monrovia, Reykjavik\",\r\n \"(UTC+00:00) Sao Tome\",\r\n \"(UTC+01:00) Casablanca\",\r\n \"(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna\",\r\n \"(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague\",\r\n \"(UTC+01:00) Brussels, Copenhagen, Madrid, Paris\",\r\n \"(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb\",\r\n \"(UTC+01:00) West Central Africa\",\r\n \"(UTC+02:00) Amman\",\r\n \"(UTC+02:00) Athens, Bucharest\",\r\n \"(UTC+02:00) Beirut\",\r\n \"(UTC+02:00) Cairo\",\r\n \"(UTC+02:00) Chisinau\",\r\n \"(UTC+02:00) Damascus\",\r\n \"(UTC+02:00) Gaza, Hebron\",\r\n \"(UTC+02:00) Harare, Pretoria\",\r\n \"(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius\",\r\n \"(UTC+02:00) Jerusalem\",\r\n \"(UTC+02:00) Kaliningrad\",\r\n \"(UTC+02:00) Khartoum\",\r\n \"(UTC+02:00) Tripoli\",\r\n \"(UTC+02:00) Windhoek\",\r\n \"(UTC+03:00) Baghdad\",\r\n \"(UTC+03:00) Istanbul\",\r\n \"(UTC+03:00) Kuwait, Riyadh\",\r\n \"(UTC+03:00) Minsk\",\r\n \"(UTC+03:00) Moscow, St. 
Petersburg\",\r\n \"(UTC+03:00) Nairobi\",\r\n \"(UTC+03:30) Tehran\",\r\n \"(UTC+04:00) Abu Dhabi, Muscat\",\r\n \"(UTC+04:00) Astrakhan, Ulyanovsk\",\r\n \"(UTC+04:00) Baku\",\r\n \"(UTC+04:00) Izhevsk, Samara\",\r\n \"(UTC+04:00) Port Louis\",\r\n \"(UTC+04:00) Saratov\",\r\n \"(UTC+04:00) Tbilisi\",\r\n \"(UTC+04:00) Volgograd\",\r\n \"(UTC+04:00) Yerevan\",\r\n \"(UTC+04:30) Kabul\",\r\n \"(UTC+05:00) Ashgabat, Tashkent\",\r\n \"(UTC+05:00) Ekaterinburg\",\r\n \"(UTC+05:00) Islamabad, Karachi\",\r\n \"(UTC+05:00) Qyzylorda\",\r\n \"(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi\",\r\n \"(UTC+05:30) Sri Jayawardenepura\",\r\n \"(UTC+05:45) Kathmandu\",\r\n \"(UTC+06:00) Astana\",\r\n \"(UTC+06:00) Dhaka\",\r\n \"(UTC+06:00) Omsk\",\r\n \"(UTC+06:30) Yangon (Rangoon)\",\r\n \"(UTC+07:00) Bangkok, Hanoi, Jakarta\",\r\n \"(UTC+07:00) Barnaul, Gorno-Altaysk\",\r\n \"(UTC+07:00) Hovd\",\r\n \"(UTC+07:00) Krasnoyarsk\",\r\n \"(UTC+07:00) Novosibirsk\",\r\n \"(UTC+07:00) Tomsk\",\r\n \"(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi\",\r\n \"(UTC+08:00) Irkutsk\",\r\n \"(UTC+08:00) Kuala Lumpur, Singapore\",\r\n \"(UTC+08:00) Perth\",\r\n \"(UTC+08:00) Taipei\",\r\n \"(UTC+08:00) Ulaanbaatar\",\r\n \"(UTC+08:45) Eucla\",\r\n \"(UTC+09:00) Chita\",\r\n \"(UTC+09:00) Osaka, Sapporo, Tokyo\",\r\n \"(UTC+09:00) Pyongyang\",\r\n \"(UTC+09:00) Seoul\",\r\n \"(UTC+09:00) Yakutsk\",\r\n \"(UTC+09:30) Adelaide\",\r\n \"(UTC+09:30) Darwin\",\r\n \"(UTC+10:00) Brisbane\",\r\n \"(UTC+10:00) Canberra, Melbourne, Sydney\",\r\n \"(UTC+10:00) Guam, Port Moresby\",\r\n \"(UTC+10:00) Hobart\",\r\n \"(UTC+10:00) Vladivostok\",\r\n \"(UTC+10:30) Lord Howe Island\",\r\n \"(UTC+11:00) Bougainville Island\",\r\n \"(UTC+11:00) Chokurdakh\",\r\n \"(UTC+11:00) Magadan\",\r\n \"(UTC+11:00) Norfolk Island\",\r\n \"(UTC+11:00) Sakhalin\",\r\n \"(UTC+11:00) Solomon Is., New Caledonia\",\r\n \"(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky\",\r\n \"(UTC+12:00) Auckland, Wellington\",\r\n 
\"(UTC+12:00) Coordinated Universal Time+12\",\r\n \"(UTC+12:00) Fiji\",\r\n \"(UTC+12:00) Petropavlovsk-Kamchatsky - Old\",\r\n \"(UTC+12:45) Chatham Islands\",\r\n \"(UTC+13:00) Coordinated Universal Time+13\",\r\n \"(UTC+13:00) Nuku'alofa\",\r\n \"(UTC+13:00) Samoa\",\r\n \"(UTC+14:00) Kiritimati Island\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsTimeZone\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsTimeZone]WindowsTimeZone1;TimeZone', '=', parameters('TimeZone')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsTimeZone\"\r\n },\r\n \"TimeZone\": {\r\n \"value\": 
\"[parameters('TimeZone')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"TimeZone\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": 
\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c21f7060-c148-41cf-a68b-0ab3e14c764c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs on which the specified services are not installed and 'Running'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which the specified services are not installed and 'Running'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsServiceStatus\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that '.Net Framework' version is the latest, if used as a part of the API app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. 
Using the latest .Net framework version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.netFrameworkVersion\",\r\n \"in\": [\r\n \"v3.0\",\r\n \"v4.0\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1176 - Baseline Configuration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1389 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c39e6fda-ae70-4891-a739-be7bba6d1062\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"System updates on virtual machine scale sets should be installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine scale sets are secure.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"SystemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Linux VMs that have accounts without passwords\",\r\n 
\"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": 
\"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n 
\"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40f31a7-81e1-4130-99e5-a02ceea2a1d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1513 - Personnel Screening | Information With Special Protection Measures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c416970d-b12b-49eb-8af4-fb144cd7c290\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Antimalware for Azure should be configured to automatically update protection signatures\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows virtual machine not configured with automatic update of Microsoft Antimalware protection signatures.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"equals\": \"Windows\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c43e4a30-77cb-48ab-a4dd-93f175c63b57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Container Registry should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Container Registry not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerRegistry/registries\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\r\n \"notEquals\": \"Deny\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c4857be7-912a-4c75-87e6-e30292bcdf78\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1235 - Software Usage Restrictions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c49c610b-ece4-44b3-988c-2172b70d6e46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1173 - Internal System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"c4aff9e7-2e60-46fa-86be-506b79033fc5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Managed identity should be used in your API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1600 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c53f3123-d233-44a7-930b-f40d3bfeb7d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that contain certificates expiring within the specified number of days. 
It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"CertificateStorePath\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate store path\",\r\n \"description\": \"The path to the certificate store containing the certificates to check the expiration dates of. Default value is 'Cert:' which is the root certificate store path, so all certificates on the machine will be checked. Other example paths: 'Cert:\\\\LocalMachine', 'Cert:\\\\LocalMachine\\\\TrustedPublisher', 'Cert:\\\\CurrentUser'\"\r\n },\r\n \"defaultValue\": \"Cert:\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expiration limit in days\",\r\n \"description\": \"An integer indicating the number of days within which to check for certificates that are expiring. For example, if this value is 30, any certificate expiring within the next 30 days will cause this policy to be non-compliant.\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to include\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to check under the specified path. If a value is not specified, all certificates under the certificate store path will be checked. If a value is specified, no certificates other than those with the thumbprints specified will be checked. e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to exclude\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Include expired certificates\",\r\n \"description\": \"Must be 'true' or 'false'. True indicates that any found certificates that have already expired will also make this policy non-compliant. False indicates that certificates that have expired will be be ignored.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"CertificateExpiration\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[CertificateStore]CertificateStore1;CertificateStorePath', '=', parameters('CertificateStorePath'), ',', '[CertificateStore]CertificateStore1;ExpirationLimitInDays', '=', parameters('ExpirationLimitInDays'), ',', '[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude', '=', parameters('CertificateThumbprintsToInclude'), ',', '[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude', '=', parameters('CertificateThumbprintsToExclude'), ',', '[CertificateStore]CertificateStore1;IncludeExpiredCertificates', '=', parameters('IncludeExpiredCertificates')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"CertificateExpiration\"\r\n },\r\n \"CertificateStorePath\": {\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"CertificateStorePath\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"type\": \"string\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"type\": \"string\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateStorePath\",\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;ExpirationLimitInDays\",\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;IncludeExpiredCertificates\",\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n 
\"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateStorePath\",\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;ExpirationLimitInDays\",\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;IncludeExpiredCertificates\",\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n 
\"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1670 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6108469-57ee-4666-af7e-79ba61c7ae0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1190 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c66a3d1e-465b-4f28-9da5-aef701b59892\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration / Scanning And Monitoring Capabilities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c69b870e-857b-458b-af02-bb234f7a00d3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1125 - Audit Reduction And Report Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": 
{\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1619 - Information In Shared Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c722e569-cb52-45f3-a643-836547d016e1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation With Physical Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1353 - Incident Response Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c785ad59-f78f-44ad-9a7f-d1202318c748\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL server advanced data security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Audit that 'email notification to admins and subscription owners' is enabled in the SQL server advanced threat protection settings. This ensures that any detections of anomalous activities on SQL server are reported as soon as possible to the admins.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Batch Account to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Batch Account to stream to a regional Log Analytics workspace when any Batch Account which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the 
policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Batch/batchAccounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ServiceLog\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": 
{\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c84e5349-db6d-4769-805e-e14037dab9b5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: API App should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OnlyHttpsForApiApp\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1470 - Emergency Shutoff\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c89ba09f-2e0f-44d0-8095-65b05bd151ef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Interactive Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Interactive Logon'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8abcef9-fc26-482f-b8db-5fa60ee4586d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1018 - Account Management | Role-Based Schemes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9121abf-e698-4ee9-b1cf-71ee528ff07f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Data Lake Analytics should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'User Rights Assignment'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'User Rights Assignment'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_UserRightsAssignment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c961dac9-5916-42e8-8fb1-703148323994\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs with a pending reboot\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with a pending reboot. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPendingReboot\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsPendingReboot\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": 
\"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n 
\"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c96f3246-4382-4264-bf6b-af0b35e23c3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups. A storage account with name '{storagePrefixParameter}{NSGLocation}' will be automatically created.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\",\r\n \"description\": \"This prefix will be combined with the network security group location to form the created storage account name.\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"The resource group that the storage account will be created in. 
This resource group must already exist.\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n 
\"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n \"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": 
{\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Storage accounts should allow access from trusted Microsoft services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Some Microsoft services that interact with storage accounts operate from networks that can't be granted access through network rules. To help this type of service work as intended, allow the set of trusted Microsoft services to bypass the network rules. These services will then use strong authentication to access the storage account.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\r\n \"notContains\": \"AzureServices\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9d007d0-c057-4772-b18c-01e546713bcd\"\r\n },\r\n {\r\n \"properties\": 
{\r\n \"displayName\": \"Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca94b046-45e2-444f-a862-dc8ce262a516\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"ca9a4469-d6df-4ab2-a42f-1213c396f0ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1306 - Identification And Authentication (Org. Users) | Net. Access To Priv. Accts. - Replay\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Remote debugging should be turned off for Web Applications\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. 
Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.remoteDebuggingEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1486 - Alternate Work Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb790345-a51f-43de-934e-98dbfaf9dca5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1167 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cbb2be76-4891-430b-95a7-ca0b0a3d1300\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1374 - Incident Response Assistance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cc5c8616-52ef-4e5e-8000-491634ed9249\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs in which the Administrators group does not contain only the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembers\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cc7cda28-f867-4311-8497-a526129a8d19\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Sensitive data in your SQL databases should be classified\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive data in your databases for better monitoring and security\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedInstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlDataClassification\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1443 - Media Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit a tag from the resource group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Adds or replaces the specified tag and value from the parent resource group when any resource is created or updated. Existing resources can be remediated by triggering a remediation task.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[resourceGroup().tags[parameters('tagName')]]\"\r\n },\r\n {\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\",\r\n \"notEquals\": \"\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd3aa116-8754-49c9-a813-ad46512ece54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"Tags\",\r\n \"deprecated\": true\r\n },\r\n 
\"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1582 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that allow re-use of the previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that allow re-use of the previous 24 passwords. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1104 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdd8d244-18b2-4306-a1d1-df175ae0935f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Privilege Use'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesPrivilegeUse\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": 
\"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ce2370f6-0ac5-4d85-8ab4-10721cc640b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1209 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ce669c31-9103-4552-ae9c-cdef4e03580d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf3b3293-667a-445e-a722-fa0b0afc0958\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1097 - Role-Based Security Training | Suspicious Communications And Anomalous System Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf3e4836-f19e-47eb-a8cd-c3ca150452c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Key Vault should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03516cf-0293-489f-9b32-a18f2a79f836\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1724 - Error Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d07594d1-0307-4c08-94db-5d71ff31f0f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1084 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add or replace a tag on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Adds or replaces the specified tag and value when any resource group is created or updated. 
Existing resource groups can be remediated by triggering a remediation task.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d157c373-a6c4-483d-aaad-570756956268\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce SSL connection should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any PostgreSQL server that is not enforcing SSL connection. Azure Database for PostgreSQL prefers connecting your client applications to the PostgreSQL service using Secure Sockets Layer (SSL). 
Enforcing SSL connections between your database server and your client applications helps protect against 'man-in-the-middle' attacks by encrypting the data stream between the server and your application\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d158790f-bfb0-486c-8631-2dc6b4e8e6af\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1620 - Denial Of Service Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d17c826b-1dec-43e1-a984-7b71c446649c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1880188-e51a-4772-b2ab-68f5e8bd27f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n 
\"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1195 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1e1d65c-1013-4484-bd54-991332e6a0d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1721 - Spam Protection | Central Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1106 - Audit Events | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2b4feae-61ab-423f-a4c5-0e38ac4464d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d3531453-b869-4606-9122-29c1cd6e7ed1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDscConfiguration\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsDscConfiguration\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n 
\"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n 
\"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d38b4c26-9d2e-47d7-aefe-18d859a8706a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Long-term geo-redundant backup should be enabled for Azure SQL Databases\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure SQL Database with long-term geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention\",\r\n \"notEquals\": \"PT0S\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention\",\r\n \"notEquals\": \"PT0S\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention\",\r\n \"notEquals\": \"PT0S\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d38fc420-0735-4ef3-ac11-c806f651a570\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d39d4f68-7346-4133-8841-15318a714a24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1249 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d3bf4251-0818-42db-950b-afd5b25a51c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1562 - Allocation Of Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d4142013-7964-4163-a313-a900301c2cef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Virtual machines should be connected to an approved virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any virtual machine connected to a virtual network that is not approved.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect 
determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"virtualNetworkId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual network Id\",\r\n \"description\": \"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id\",\r\n \"like\": \"[concat(parameters('virtualNetworkId'),'/*')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d416745a-506c-48b6-8ab1-83cb814bcaa3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1383 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d4558451-e16a-4d2d-a066-fe12a6282bb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1112 - Response To Audit Processing Failures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d530aad8-4ee2-45f4-b234-c061dae683c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n 
\"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n 
\"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": 
\"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1585 - Security Engineering Principles\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d57f8732-5cdc-4cda-8d27-ab148e1f3a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1667 - System And Information Integrity Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n 
{\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d61880dc-6e38-4f2a-a30c-3406a98f8220\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1150 - Security Assessments | External Organizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d630429d-e763-40b1-8fba-d20ba7314afb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Event Hub should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Event Hub not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n 
\"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/virtualNetworkRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d63edb4a-c612-454d-b47d-191a724fcbf0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1549 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d6976a08-d969-4df2-bb38-29556c2eb48a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1473 - Emergency 
Power\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7047705-d719-46a7-8bb0-76ad233eba71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1529 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d74fdc92-1cb8-4a34-9978-8556425cd14c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1350 - 
Identification And Authentication (Non-Org. Users) | Use Of FICAM-Issued Profiles\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d77fd943-6ba6-4a21-ba07-22b03e347cc4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows Server VMs on which Windows Serial Console is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows Server virtual machines on which Windows Serial Console is not enabled. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsSerialConsole\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1016 - Account Management | Automated Audit Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d8b43277-512e-40c3-ab00-14b3b6e72238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1488 - Alternate Work Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d8ef30eb-a44f-47af-8524-ac19a36d41d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d922484a-8cfc-4a6b-95a4-77d6a685407f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da3bfb53-9c46-4010-b3db-a7ba1296dada\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1516 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da3cd269-156f-435b-b472-c3af34c032ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Batch Account to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Batch Account to stream to a regional Event Hub when any Batch Account which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": 
{\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Batch/batchAccounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ServiceLog\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"db51110f-0865-4a6e-b274-e2e07a5b2cd7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service\",\r\n \"policyType\": \"Static\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dc43e829-3d50-4a0a-aa0f-428d551862aa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1439 - Media Sanitization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dce72873-c5f1-47c3-9b4f-6b8207fd5a45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd280d4b-50a1-42fb-a479-ece5878acf19\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": 
\"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Policy Change'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Policy Change'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd4680ed-0559-4a6a-ad10-081d14cbb484\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1715 - Software, Firmware, And Information Integrity | Automated Response To Integrity Violations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd469ae0-71a8-4adc-aafc-de6949ca3339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1678 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd533cb0-b416-4be7-8e86-4d154824dfd7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1391 - Information Spillage Response | Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd6ac1a1-660e-4810-baa8-74e868e2ed47\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1146 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd83410c-ecb6-4547-8f14-748c3cbdc7ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1602 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ddae2e97-a449-499f-a1c8-aea4a7e52ec9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Settings - Account Policies'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Settings - Account Policies'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ddb53c61-9db4-41d4-a953-2abff5b66c12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Recovery console'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Recovery console'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery console: Allow floppy copy and access to all drives and all folders\",\r\n \"description\": \"Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n 
\"name\": \"AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Recovery console: Allow floppy copy and access to all drives and all folders;ExpectedValue', '=', parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsRecoveryconsole\"\r\n },\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n 
\"name\": \"Recovery console: Allow floppy copy and access to all drives and all folders;ExpectedValue\",\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1689 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"de901f2f-a01a-4456-97f0-33cda7966172\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1528 - Access Agreements\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"deb9797c-22f8-40e8-b342-a84003c924e6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Cosmos DB should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Cosmos DB not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e0de232d-02a0-4652-872d-88afb4ae5e91\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell execution policy\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines where Windows 
PowerShell is not configured to use the specified PowerShell execution policy. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ExecutionPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Execution Policy\",\r\n \"description\": \"The expected PowerShell execution policy.\"\r\n },\r\n \"allowedValues\": [\r\n \"AllSigned\",\r\n \"Bypass\",\r\n \"Default\",\r\n \"RemoteSigned\",\r\n \"Restricted\",\r\n \"Undefined\",\r\n \"Unrestricted\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPowerShellExecutionPolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy', '=', parameters('ExecutionPolicy')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsPowerShellExecutionPolicy\"\r\n },\r\n \"ExecutionPolicy\": {\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExecutionPolicy\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy\",\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy\",\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e0efc13a-122a-47c5-b817-2ccfe5d12615\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1714 - Software, Firmware, And Information Integrity | Automated Notifications Of Integrity Violations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e12494fa-b81e-4080-af71-7dbacc2da0ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1686 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e17085c5-0be8-4423-b39b-a52d3d1402e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1722 - Spam Protection | Automatic Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1da06bd-25b6-4127-a301-c313d6873fff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your machines should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n 
\"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1047 - System Use Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e214e563-1206-4a43-a56b-ac5880c9c571\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1560 - System And Services Acquisition Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e29e0915-5c2f-4d09-8806-048b749ad763\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'HTTP Version' is the latest, if used 
to run the Function app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.http20Enabled\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2c1c086-2d84-4019-bff3-c44ccd95113c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. 
The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n 
\"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1161 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1387 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3007185-3857-43a9-8237-06ca94f1084c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1479 - Fire Protection | Automatic Fire Suppression\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e327b072-281d-4f75-9c28-4216e5d72f26\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure VPN gateways should not use 'basic' SKU\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that VPN gateways do not use 'basic' SKU.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/gatewayType\",\r\n 
\"equals\": \"Vpn\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/sku.tier\",\r\n \"equals\": \"Basic\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MFA should be enabled on accounts with read permissions on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: 
Show audit results from Windows VMs configurations in 'Security Options - Shutdown'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Shutdown'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n 
\"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsShutdown\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3a77a94-cf41-4ee8-b45c-98be28841c03\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Settings - Account Policies'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with 
non-compliant settings in Group Policy category: 'Security Settings - Account Policies'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"EnforcePasswordHistory\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enforce password history\",\r\n \"description\": \"Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated.\"\r\n },\r\n \"defaultValue\": \"24\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Maximum password age\",\r\n \"description\": \"Specifies the maximum number of days that may elapse before a user account password must be changed. 
The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,70\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password age\",\r\n \"description\": \"Specifies the minimum number of days that must elapse before a user account password can be changed.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password length\",\r\n \"description\": \"Specifies the minimum number of characters that a user account password may contain.\"\r\n },\r\n \"defaultValue\": \"14\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Password must meet complexity requirements\",\r\n \"description\": \"Specifies whether a user account password must be complex. If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n 
\"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Enforce password history;ExpectedValue', '=', parameters('EnforcePasswordHistory'), ',', 'Maximum password age;ExpectedValue', '=', parameters('MaximumPasswordAge'), ',', 'Minimum password age;ExpectedValue', '=', parameters('MinimumPasswordAge'), ',', 'Minimum password length;ExpectedValue', '=', parameters('MinimumPasswordLength'), ',', 'Password must meet complexity requirements;ExpectedValue', '=', parameters('PasswordMustMeetComplexityRequirements')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecuritySettingsAccountPolicies\"\r\n },\r\n \"EnforcePasswordHistory\": {\r\n \"value\": \"[parameters('EnforcePasswordHistory')]\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"value\": \"[parameters('MaximumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"value\": \"[parameters('MinimumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"value\": \"[parameters('MinimumPasswordLength')]\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"value\": \"[parameters('PasswordMustMeetComplexityRequirements')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"EnforcePasswordHistory\": {\r\n \"type\": \"string\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"type\": \"string\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"type\": \"string\"\r\n 
},\r\n \"MinimumPasswordLength\": {\r\n \"type\": \"string\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Enforce password history;ExpectedValue\",\r\n \"value\": \"[parameters('EnforcePasswordHistory')]\"\r\n },\r\n {\r\n \"name\": \"Maximum password age;ExpectedValue\",\r\n \"value\": \"[parameters('MaximumPasswordAge')]\"\r\n },\r\n {\r\n \"name\": \"Minimum password age;ExpectedValue\",\r\n \"value\": \"[parameters('MinimumPasswordAge')]\"\r\n },\r\n {\r\n \"name\": \"Minimum password length;ExpectedValue\",\r\n \"value\": \"[parameters('MinimumPasswordLength')]\"\r\n },\r\n {\r\n \"name\": \"Password must meet complexity requirements;ExpectedValue\",\r\n \"value\": \"[parameters('PasswordMustMeetComplexityRequirements')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n 
\"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3d95ab7-f47a-49d8-a347-784177b6c94c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1451 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f1e5a3-25c1-4476-8cb6-3955031f8e65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e4213689-05e8-4241-9d4e-8dd1cdafd105\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - User Account Control'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - User Account Control'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Admin Approval Mode for the Built-in Administrator account\",\r\n \"description\": \"Specifies the behavior of Admin Approval Mode for the built-in Administrator account.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of the elevation prompt for administrators.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Detect application installations and prompt for elevation\",\r\n \"description\": \"Specifies the behavior of application installation detection for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Run all administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of all User Account Control (UAC) policy settings for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n 
\"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsUserAccountControl\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('User Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue', '=', parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount'), ',', 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode;ExpectedValue', '=', parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'), ',', 'User Account Control: Detect application installations and prompt for elevation;ExpectedValue', '=', parameters('UACDetectApplicationInstallationsAndPromptForElevation'), ',', 'User Account Control: Run all administrators in Admin Approval Mode;ExpectedValue', '=', parameters('UACRunAllAdministratorsInAdminApprovalMode')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsUserAccountControl\"\r\n },\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"value\": \"[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"value\": 
\"[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"value\": \"[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"value\": \"[parameters('UACRunAllAdministratorsInAdminApprovalMode')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"User Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue\",\r\n \"value\": \"[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode;ExpectedValue\",\r\n \"value\": 
\"[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Detect application installations and prompt for elevation;ExpectedValue\",\r\n \"value\": \"[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Run all administrators in Admin Approval Mode;ExpectedValue\",\r\n \"value\": \"[parameters('UACRunAllAdministratorsInAdminApprovalMode')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e425e402-a050-45e5-b010-bd3f934589fc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1340 - Authenticator Management | No Embedded Unencrypted Static Authenticators\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e51ff84b-e5ea-408f-b651-2ecc2933e4c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1381 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e5368258-9684-4567-8126-269f34e65eab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1421 - Maintenance Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e539caaa-da8c-41b8-9e1e-449851e2f7a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1716 - Software, Firmware, And Information Integrity | Integration Of Detection And Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e54c325e-42a0-4dcf-b105-046e0f6f590f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1023 - Account Management | Usage 
Conditions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. 
Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e57b98a0-a011-4956-a79d-5d17ed8b8e48\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1499 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e59671ab-9720-4ee2-9c60-170e8c82251e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Accounts'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Accounts'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AccountsGuestAccountStatus\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Accounts: Guest account status\",\r\n \"description\": \"Specifies whether the local Guest account is disabled.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAccounts\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Accounts: Guest account status;ExpectedValue', '=', parameters('AccountsGuestAccountStatus')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsAccounts\"\r\n },\r\n \"AccountsGuestAccountStatus\": {\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n },\r\n \"template\": 
{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AccountsGuestAccountStatus\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Accounts: Guest account status;ExpectedValue\",\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n 
]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e5b81f87-9185-4224-bf00-9f505e9f89f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access To Information Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e6e41554-86b5-4537-9f7f-4fc41a1d1640\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Subnets should be associated with a Network Security Group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Protect your subnet from potential threats by restricting access to it with a Network Security Group (NSG). 
NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your subnet.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"networkSecurityGroupsOnSubnets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e71308d3-144b-4262-b144-efdc3cc90517\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1567 - System Development Life Cycle\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e72edbf6-aa61-436d-a227-0f32b77194b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1311 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7568697-0c9e-4ea3-9cec-9e567d14f3c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. 
Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]\",\r\n \"equals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e756b945-1b1b-480b-8de8-9a0859d5f7ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1154 - System Interconnections | Unclassified Non-National Security System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1273 - Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e77fcbf2-a1e8-44f1-860e-ed6583761e65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n 
\"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1169 - Continuous Monitoring | Trend Analyses\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7ba2cb3-5675-4468-8b50-8486bdd998a5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce SSL connection should be enabled for MySQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any MySQL server that is not enforcing SSL connection. Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). 
Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforMySQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e802a67a-daf5-4436-9ea6-f6d821dd0c5d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e80b6812-0bfa-4383-8223-cdd86a46a890\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities in container security configurations should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit vulnerabilities in security configuration on machines with Docker installed and display as recommendations in Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ContainerBenchmark\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e8cbc669-f12d-49eb-93e7-9273119e9933\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": 
{\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1626 - 
Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e8f6bddd-6d67-439a-88d4-c5fe39a79341\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e901375c-8f01-4ac8-9183-d5312f47fe63\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1723 - Information Input Validation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1200 - Security Impact Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e98fe9d7-2ed3-44f8-93b7-24dca69783ff\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1487 - Alternate Work Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c3371d-c30c-4f58-abd9-30b8a8199571\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Remote debugging should be turned off for API Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API apps. 
Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.remoteDebuggingEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea3e8156-89a1-45b1-8bd6-938abc79fdfd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit a tag from the resource group if missing\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Adds the specified tag with its value from the parent resource group when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\",\r\n \"notEquals\": \"\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"add\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea3f2387-9b95-492a-a190-fcdc54f7b070\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Key Vault should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Key Vault not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\r\n \"notEquals\": \"Deny\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea4d6841-2173-4317-9747-ff522a45120f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1422 - Maintenance Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea556850-838d-4a37-8ce5-9d7642f95e11\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1542 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eab340d0-3d55-4826-a0e5-feebfeb0131d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure Function app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Client certificates allow for the app to request a certificate for incoming requests. 
Only clients that have a valid certificate will be able to reach the app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/clientCertEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eaebaea7-8013-4ceb-9d14-7eb32271373c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1321 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb627cc6-3a9d-46b5-96b7-5fca49178a37\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Log checkpoints should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_checkpoints setting enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n 
\"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_checkpoints\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Log connections should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_connections setting enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_connections\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Disconnections should be logged for PostgreSQL 
database servers.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_disconnections enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_disconnections\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Log duration should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_duration setting enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": 
{\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_duration\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deprecated accounts with owner permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that allow remote connections from accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n 
\"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Administrative Templates - Control Panel'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Control Panel'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": 
\"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_AdministrativeTemplatesControlPanel\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n 
}\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec7ac234-2af5-4729-94d2-c557c071799d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eca4d7b2-65e2-4e04-95d4-c68606b063c3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1622 - Boundary Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ecf56554-164d-499a-8d00-206b07c27bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a regional Event Hub when any Key Vault which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": 
\"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled diagnostic settings for ', parameters('vaultName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ed7c8c13-51e7-49d1-8a43-8490431a0da2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1217 
- Least Functionality | Periodic Review\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"edea4f20-b02c-4115-be75-86c080e5c0ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a regional Event Hub when any Stream Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n 
\"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": 
\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Execution\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Authoring\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"edf3780c-3d70-40fe-b17e-ab72013dafca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1189 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ee45e02a-4140-416c-82c4-fecfea660b9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1089 - Security Awareness Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef080e67-0d1a-4f76-a0c5-fb9b0358485e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1314 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef0c8530-efd9-45b8-b753-f03083d06295\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1128 - Time Stamps\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef212163-3bc4-4e86-bcf8-705127086393\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/vulnerabilityAssessments\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Event Hub to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Event Hub to stream to a regional Event Hub when any Event Hub which is missing 
this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n 
\"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.EventHub/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ArchiveLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n 
\"category\": \"OperationalLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AutoScaleLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"KafkaCoordinatorLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"EventHubVNetConnectionEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"CustomerManagedKeyUserLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1472 - Emergency Shutoff\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef869332-921d-4c28-9402-3be73e6e50c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"The Log Analytics agent should be installed on Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"in\": [\r\n \"MicrosoftMonitoringAgent\",\r\n \"OmsAgentForLinux\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"efbde977-ba53-4479-b8e9-10b957924fbf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1012 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1358 - Incident Response Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"effbaeef-5bf4-400d-895e-ef8cbc0e64c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that Register with Azure Active Directory is enabled on Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0473e7a-a1ba-4e86-afb2-e829e11b01d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that have the 
specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n 
\"name\": \"NotInstalledApplication\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[InstalledApplication]NotInstalledApplicationResource1;Name', '=', parameters('ApplicationName')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": 
\"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n 
\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1531 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0643e0c-eee5-4113-8684-c608d05c5236\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Latest TLS version should be used in your Web App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade to the latest TLS version\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n 
\"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1028 - Information Flow Enforcement\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f171df5c-921b-41e9-b12b-50801c315475\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Virtual networks should use specified virtual network gateway\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"This policy audits any virtual network if the default route does not point to the specified virtual network gateway.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"virtualNetworkGatewayId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual network gateway Id\",\r\n \"description\": \"Resource Id of the virtual network gateway. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/virtualNetworks/subnets\",\r\n \"name\": \"GatewaySubnet\",\r\n \"existenceCondition\": {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id\",\r\n \"notContains\": \"[concat(parameters('virtualNetworkGatewayId'), '/')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f1776c76-f58c-4245-a8d0-2b207198dc8b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that do 
not have the passwd file permissions set to 0644. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": 
{\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', 
parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Adminstrative Templates - MSS (Legacy)'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows 
virtual machines with non-compliant settings in Group Policy category: 'Adminstrative Templates - MSS (Legacy)'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_AdminstrativeTemplatesMSSLegacy\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n 
},\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f1f4825d-58fb-4257-8016-8c00e3c9ed9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1701 - Information System Monitoring | Host-Based Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f25bc08f-27cb-43b6-9a23-014d00700426\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1457 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2d9d3e6-8886-4305-865d-639163e5c305\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1309 - Identification And Authentication (Org. 
Users) | Acceptance Of Piv Credentials\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f355d62b-39a8-4ba3-abf7-90f71cb3b000\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f3793f5e-937f-44f7-bfba-40647ef3efa0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs in which the Administrators group does not contain all of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group does not contain all of the specified members. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToInclude\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f3b44e5d-1456-475f-9c67-c66c4618e85a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not contain the specified certificates in Trusted Root\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\\\\LocalMachine\\\\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsCertificateInTrustedRoot\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f3b9ad83-000d-4dc1-bff0-6d54533dd03f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1706 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": 
{\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f475ee0e-f560-4c9b-876b-04a77460a404\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Authorization rules on the Event Hub instance should be defined\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not have the password complexity setting enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the password complexity setting enabled. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1495 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4978d0e-a596-48e7-9f8c-bbf52554ce8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that have not restarted within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that have not restarted within the specified number of days. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"NumberOfDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Number of days\",\r\n \"description\": \"The number of days without restart until the machine is considered non-compliant\"\r\n },\r\n \"defaultValue\": \"12\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MachineLastBootUpTime\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[MachineUpTime]MachineLastBootUpTime;NumberOfDays', '=', parameters('NumberOfDays')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n 
},\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MachineLastBootUpTime\"\r\n },\r\n \"NumberOfDays\": {\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NumberOfDays\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[MachineUpTime]MachineLastBootUpTime;NumberOfDays\",\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n 
{\r\n \"name\": \"[MachineUpTime]MachineLastBootUpTime;NumberOfDays\",\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4b245d4-46c9-42be-9b1a-49e2b5b94194\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. 
It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": 
\"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1469 - Power Equipment And Cabling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\"\r\n },\r\n {\r\n \"properties\": 
{\r\n \"displayName\": \"Microsoft Managed Control 1618 - Security Function Isolation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f52f89aa-4489-4ec4-950e-8c96a036baa9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'Security Options - Network Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Access'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths\",\r\n \"description\": \"Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\ProductOptions|#|System\\\\CurrentControlSet\\\\Control\\\\Server Applications|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths and sub-paths\",\r\n \"description\": \"Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Printers|#|System\\\\CurrentControlSet\\\\Services\\\\Eventlog|#|Software\\\\Microsoft\\\\OLAP Server|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Print|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows|#|System\\\\CurrentControlSet\\\\Control\\\\ContentIndex|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\UserConfig|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\DefaultUserConfiguration|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Perflib|#|System\\\\CurrentControlSet\\\\Services\\\\SysmonLog\"\r\n },\r\n 
\"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Shares that can be accessed anonymously\",\r\n \"description\": \"Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Network access: Remotely accessible registry paths;ExpectedValue', '=', parameters('NetworkAccessRemotelyAccessibleRegistryPaths'), ',', 'Network access: Remotely accessible registry paths and sub-paths;ExpectedValue', '=', parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'), ',', 'Network access: Shares that can be accessed anonymously;ExpectedValue', '=', parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n 
\"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsNetworkAccess\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Network access: Remotely accessible registry paths;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n {\r\n \"name\": 
\"Network access: Remotely accessible registry paths and sub-paths;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n {\r\n \"name\": \"Network access: Shares that can be accessed anonymously;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f56a3ab2-89d1-44de-ac0d-2ada5962e22a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1198 - Configuration Change Control | Security Representative\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f56be5c3-660b-4c61-9078-f67cf072c356\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f5c66fdc-3d02-4034-9db5-ba57802609de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1193 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this 
Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f5fd629f-3075-4cae-ab53-bad65495a4ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Virtual machines should be associated with a Network Security Group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Protect your VM from potential threats by restricting access to it with a Network Security Group (NSG). 
NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your VM from other instances, in or outside the same subnet.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"networkSecurityGroupsOnVirtualMachines\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1214 - Least Functionality\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": 
\"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f714a4e2-b580-47b6-ae8c-f2812d3750f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1591 - External Information System Services | Ident. Of Functions / Ports / Protocols / Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f751cdb7-fbee-406b-969b-815d367cb9b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1330 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f75cedb2-5def-4b31-973e-b69e8c7bd031\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1540 - Security Categorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f771f8cb-6642-45cc-9a15-8a41cd5c6977\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1449 - Physical Access Authorizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1506 - Personnel Security Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that do not have the specified Windows PowerShell execution policy\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n 
\"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPowerShellExecutionPolicy\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8036bd0-c10b-4931-86bb-94a878add855\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1705 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f82e3639-fa2b-4e06-a786-932d8379b972\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"External accounts with owner permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1345 - Cryptographic Module Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1065 - Remote Access | Privileged Commands / Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f87b8085-dca9-4cf1-8f7b-9822b997797c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy requirements to audit Windows VMs configurations in 'System Audit Policies - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - System'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"AuditOtherSystemEvents\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Other System Events\",\r\n \"description\": \"Specifies whether audit events are generated for Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n 
\"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Other System Events;ExpectedValue', '=', parameters('AuditOtherSystemEvents')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesSystem\"\r\n },\r\n \"AuditOtherSystemEvents\": {\r\n \"value\": \"[parameters('AuditOtherSystemEvents')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditOtherSystemEvents\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": 
\"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Other System Events;ExpectedValue\",\r\n \"value\": \"[parameters('AuditOtherSystemEvents')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8b0158d-4766-490f-bea0-259e52dba473\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Service Bus should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9012d14-e3e6-4d7b-b926-9f37b5537066\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert Exfiltration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": 
\"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9873db2-18ad-46b3-a11a-1a1f8cbf0335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1478 - Fire Protection | Suppression Devices / Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f997df46-cfbb-4cc8-aac8-3fecdaf6a183\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1535 - Personnel Sanctions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n 
},\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9a165d2-967d-4733-8399-1074270dae2e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Azure Stream Analytics should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n 
}\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Latest TLS version should be used in your Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade to the latest TLS version\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9d614c5-c173-4d56-95a7-b4437057d193\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fa108498-b3a8-4ffb-9e79-1107e76afad3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fa4c2a3d-1294-41a3-9ada-0e540471e9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1435 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fa8d221b-d130-4637-ba16-501e666628bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"facb66e0-1c48-478a-bed5-747a312323e1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to enable Guest Configuration Policy on Linux VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a system-assigned managed identity 
and deploys the VM extension for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration Policy and must be assigned to the scope before using any Guest Configuration policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"AzurePolicyforLinux\",\r\n \"existenceCondition\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.GuestConfiguration\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"ConfigurationforLinux\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1086 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb321e6f-16a0-4be3-878f-500956e309c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1222 - Information System Component Inventory\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb39e62f-6bda-4558-8088-ec03d5670914\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes 
version\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade your Kubernetes service cluster to a later Kubernetes version to protect against known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946 has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"in\": [\r\n \"1.13.4\",\r\n \"1.13.3\",\r\n \"1.13.2\",\r\n \"1.13.1\",\r\n \"1.13.0\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"in\": [\r\n \"1.12.6\",\r\n \"1.12.5\",\r\n \"1.12.4\",\r\n \"1.12.3\",\r\n \"1.12.2\",\r\n \"1.12.1\",\r\n \"1.12.0\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"in\": [\r\n \"1.11.8\",\r\n \"1.11.7\",\r\n \"1.11.6\",\r\n \"1.11.5\",\r\n \"1.11.4\",\r\n \"1.11.3\",\r\n \"1.11.2\",\r\n \"1.11.1\",\r\n \"1.11.0\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.10.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.9.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.8.*\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.7.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.5.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.4.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.3.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.2.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.1.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.0.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb893a29-21bb-418c-a157-e99480ec364c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fc933d22-04df-48ed-8f87-22a3773d4309\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Client'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notEquals\": \"SQL2008R2SP3-WS2008R2SP1\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fcbc55c9-f25a-4e55-a6cb-33acb3be778b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1318 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fced5fda-3bdb-4d73-bfea-0e2c80428b66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1543 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd00b778-b5b5-49c0-a994-734ea7bd3624\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated Alerts And Advisories\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd4a2ac8-868a-4702-a345-6c896c3361ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1299 - Identification And Authentication Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd4e54f7-9ab0-4bae-b6cc-457809948a89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd73310d-76fc-422d-bda4-3a077149f179\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time Source\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1611 - Developer-Provided Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1405 - Maintenance Tools | Inspect Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1613 - Developer Security Architecture And Design\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fe2ad78b-8748-4bff-a924-f74dfca93f30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Linux VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that do not have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": 
\"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n 
}\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities on your SQL databases should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ff9fbd83-1d8d-4b41-aac2-94cb44b33976\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1158 - Security Authorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fff50cf2-28eb-45b4-b378-c99412688907\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificate validity period\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the maximum 
validity period for certificates in months.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"maximumValidityInMonths\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"The maximum validity in months\",\r\n \"description\": \"The limit to how long a certificate may be valid for. Certificates with lengthy validity periods aren't best practice.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths\",\r\n \"greater\": \"[parameters('maximumValidityInMonths')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a075868-4c26-42ef-914c-5bc007359560\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure containers listen only on allowed ports in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces containers to listen only on allowed ports in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerPortsRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container ports regex\",\r\n \"description\": \"Regex representing container ports allowed in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerAllowedPorts\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"allowedContainerPortsRegex\": \"[parameters('allowedContainerPortsRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f636243-1b1c-4d50-880f-310f6199f2cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage allowed certificate key types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the allowed key types for certificates.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"allowedKeyTypes\": {\r\n \"type\": 
\"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed key types\",\r\n \"description\": \"The list of allowed certificate key types.\"\r\n },\r\n \"allowedValues\": [\r\n \"RSA\",\r\n \"RSA-HSM\",\r\n \"EC\",\r\n \"EC-HSM\"\r\n ],\r\n \"defaultValue\": [\r\n \"RSA\",\r\n \"RSA-HSM\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\r\n \"notIn\": \"[parameters('allowedKeyTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1151cede-290b-4ba0-8b38-0ad145ac888f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificate lifetime action triggers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the configuration for certificate lifetime action triggers before certificate expiration.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"maximumPercentageLife\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"The maximum lifetime percentage\",\r\n \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. 
For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\r\n }\r\n },\r\n \"minimumDaysBeforeExpiry\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"The minimum days before expiry\",\r\n \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\r\n \"less\": \"[parameters('minimumDaysBeforeExpiry')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\r\n \"greater\": \"[parameters('maximumPercentageLife')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12ef42cb-9903-4e39-9c26-422d29570417\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce labels on pods in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"commaSeparatedListOfLabels\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Comma-separated list of labels\",\r\n \"description\": \"A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"PodEnforceLabels\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"commaSeparatedListOfLabels\": \"[parameters('commaSeparatedListOfLabels')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces services to listen only on allowed ports in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"allowedServicePortsList\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed service ports list\",\r\n \"description\": \"The list of service ports allowed in a Kubernetes cluster.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml\",\r\n \"values\": {\r\n \"allowedServicePorts\": \"[parameters('allowedServicePortsList')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"233a2a17-77ca-4fb1-9b6b-69223d272a44\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure services listen only on allowed ports in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces services to listen only on allowed ports in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. 
To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"allowedServicePortsRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed service ports regex\",\r\n \"description\": \"Regex representing service ports allowed in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ServiceAllowedPorts\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"allowedServicePortsRegex\": \"[parameters('allowedServicePortsRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25dee3db-6ce0-4c02-ab5d-245887b24077\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce HTTPS ingress in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. 
To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"HttpsIngressOnly\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce internal load balancers in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces load balancers do not have public IPs in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces containers to listen only on allowed ports in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerPortsList\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container ports list\",\r\n \"description\": \"The list of container ports allowed in a Kubernetes cluster.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml\",\r\n \"values\": {\r\n \"allowedContainerPorts\": \"[parameters('allowedContainerPortsList')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"440b515e-a580-421e-abeb-b159a61ddcbc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce labels on pods in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces the specified labels are provided for pods in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"labelsList\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of labels\",\r\n \"description\": \"The list of labels to be specified on Pods in a Kubernetes cluster.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml\",\r\n \"values\": {\r\n \"labels\": \"[parameters('labelsList')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure only allowed container images in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy ensures only allowed container images are running in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerImagesRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container images regex\",\r\n \"description\": \"Regex representing container images allowed in Kubernetes cluster. E.g. Regex of azure container registry images is ^.+azurecr.io/.+$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerAllowedImages\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"allowedContainerImagesRegex\": \"[parameters('allowedContainerImagesRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f86cb6e-c4da-441b-807c-44bd0cc14e66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Do not allow privileged containers in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy does not allow privileged containers creation in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. 
To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerNoPrivilege\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificates issued by an integrated CA\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages certificates are issued by a specified key vault integrated Certificate Authority.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"allowedCAs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Azure Key Vault Supported CAs\",\r\n \"description\": \"The list of allowed certificate authorities supported by Azure Key Vault.\"\r\n },\r\n \"allowedValues\": [\r\n \"DigiCert\",\r\n \"GlobalSign\"\r\n ],\r\n \"defaultValue\": [\r\n 
\"DigiCert\",\r\n \"GlobalSign\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\r\n \"notIn\": \"[parameters('allowedCAs')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e826246-c976-48f6-b03e-619bb92b3d82\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Do not allow privileged containers in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy does not allow privileged containers creation in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"95edb821-ddaf-4404-9732-666045e056b4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificates issued by a non-integrated CA\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages certificates are issued by a specified non-integrated Certificate Authority.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"caCommonName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The common name of the certificate authority\",\r\n \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. 
For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName\",\r\n \"notContains\": \"[parameters('caCommonName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a22f4a40-01d3-4c7d-8071-da157eeff341\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure CPU and memory resource limits defined on containers in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy ensures CPU and memory resource limits are defined on containers in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerResourceLimits\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2d3ed81-8d11-4079-80a5-1faadc0024f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce internal load balancers in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces load balancers do not have public IPs in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"LoadBalancersInternal\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a74d8f00-2fd9-4ce4-968e-0ee1eb821698\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces unique ingress hostnames across namespaces in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fd3e59-6390-4f2b-8247-ea676bd03e2d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage allowed curve names for elliptic curve cryptography certificates\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the allowed elliptic curve names for elliptic curve cryptography certificates.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"allowedECNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed elliptic curve names\",\r\n \"description\": \"The list of allowed curve names for elliptic curve cryptography certificates.\"\r\n },\r\n \"allowedValues\": [\r\n \"P-256\",\r\n \"P-256K\",\r\n \"P-384\",\r\n 
\"P-521\"\r\n ],\r\n \"defaultValue\": [\r\n \"P-256\",\r\n \"P-256K\",\r\n \"P-384\",\r\n \"P-521\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\r\n \"in\": [\r\n \"EC\",\r\n \"EC-HSM\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName\",\r\n \"notIn\": \"[parameters('allowedECNames')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bd78111f-4953-4367-9fd5-7e08808b54bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage minimum key size for RSA certificates\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the minimum key size for RSA certificates.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"minimumRSAKeySize\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum RSA key size\",\r\n \"description\": \"The minimum key size for RSA certificates.\"\r\n },\r\n \"allowedValues\": [\r\n 2048,\r\n 3072,\r\n 4096\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n 
\"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\r\n \"in\": [\r\n \"RSA\",\r\n \"RSA-HSM\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize\",\r\n \"less\": \"[parameters('minimumRSAKeySize')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cee51871-e572-4576-855c-047c820360f0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"UniqueIngressHostnames\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d011d9f7-ba32-4005-b727-b3d09371ca60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy ensures container CPU and memory resource limits are defined and do not exceed the specified limits in a Kubernetes cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"cpuLimit\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Max allowed CPU units\",\r\n \"description\": \"The maximum CPU units allowed for a container. E.g. 200m. 
For more information, please refer https://aka.ms/k8s-policy-pod-limits\"\r\n }\r\n },\r\n \"memoryLimit\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Max allowed memory bytes\",\r\n \"description\": \"The maximum memory bytes allowed for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml\",\r\n \"values\": {\r\n \"cpuLimit\": \"[parameters('cpuLimit')]\",\r\n \"memoryLimit\": \"[parameters('memoryLimit')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e345eecc-fa47-480f-9e88-67dcc122b164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificates that are within a specified number of days of expiration\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages certificates that are within a specified number of days to their expiration date.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": 
true\r\n },\r\n \"parameters\": {\r\n \"daysToExpire\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"Days to expire\",\r\n \"description\": \"The number of days for a certificate to expire.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn\",\r\n \"lessOrEquals\": \"[addDays(utcNow(), parameters('daysToExpire'))]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f772fb64-8e40-40ad-87bc-7706e1949427\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure only allowed container images in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy ensures only allowed container images are running in a Kubernetes cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerImagesRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container images regex\",\r\n \"description\": \"Regex representing container images allowed in a Kubernetes cluster. E.g. 
Regex for azure container registry images is ^.+azurecr.io/.+$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml\",\r\n \"values\": {\r\n \"allowedContainerImagesRegex\": \"[parameters('allowedContainerImagesRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"febd0533-8e55-448f-b837-bd0e06f16469\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Replace tag without becoming compliant\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"category\": \"Tags\",\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-21T00:28:28.0537053Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"value\": \"true\",\r\n \"equals\": \"true\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n 
{\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"tags.mockTag\",\r\n \"value\": \"mockValue\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"270f0d11-af30-4c15-95f7-28ba884518f0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Key vault access policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"definition description\",\r\n \"metadata\": {\r\n \"createdBy\": \"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e\",\r\n \"createdOn\": \"2019-03-26T00:11:44.907552Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"updatedOn\": \"2019-11-12T22:08:39.7776262Z\"\r\n },\r\n \"parameters\": {\r\n \"userObjectId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"User Object ID\",\r\n \"description\": \"The GUID for the user which should have access\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Keyvault/vaults/accessPolicies[*].objectId\",\r\n \"notEquals\": \"[parameters('userObjectId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"name\": \"current\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"objectId\": {\r\n \"type\": \"string\"\r\n },\r\n \"keyVaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"secretsPermissions\": {\r\n \"type\": \"array\",\r\n \"defaultValue\": [\r\n \"list\"\r\n ]\r\n },\r\n 
\"tenantId\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"sku\": {\r\n \"type\": \"object\"\r\n },\r\n \"existingAccessPolicies\": {\r\n \"type\": \"array\",\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"variables\": {\r\n \"accessPolicies\": [\r\n {\r\n \"tenantId\": \"[parameters('tenantId')]\",\r\n \"objectId\": \"[parameters('objectId')]\",\r\n \"permissions\": {\r\n \"secrets\": \"[parameters('secretsPermissions')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults\",\r\n \"name\": \"[parameters('keyVaultName')]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-02-14\",\r\n \"properties\": {\r\n \"sku\": \"[parameters('sku')]\",\r\n \"tenantId\": \"[parameters('tenantId')]\",\r\n \"accessPolicies\": \"[concat(parameters('existingAccessPolicies'), variables('accessPolicies'))]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"objectId\": {\r\n \"value\": \"[parameters('userObjectId')]\"\r\n },\r\n \"tenantId\": {\r\n \"value\": \"[field('Microsoft.Keyvault/vaults/tenantId')]\"\r\n },\r\n \"keyVaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"sku\": {\r\n \"value\": \"[field('Microsoft.Keyvault/vaults/sku')]\"\r\n },\r\n \"existingAccessPolicies\": {\r\n \"value\": \"[field('Microsoft.Keyvault/vaults/accessPolicies')]\"\r\n }\r\n }\r\n }\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3863c624-094c-480d-bc42-74970b55e5e1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": 
\"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\",\r\n \"createdBy\": \"7140c269-e408-47a5-a626-a1d836b96883\",\r\n \"createdOn\": \"2019-12-02T22:35:27.2634648Z\",\r\n \"updatedBy\": \"7140c269-e408-47a5-a626-a1d836b96883\",\r\n \"updatedOn\": \"2019-12-02T22:35:29.2696603Z\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyDefinitions/ps7866\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps7866\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"robga test modify\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"metadata\": {\r\n \"createdBy\": \"0dc80135-ae53-4da3-8695-220a2d93aad8\",\r\n \"createdOn\": \"2019-08-06T13:52:23.9266854Z\",\r\n \"updatedBy\": \"0dc80135-ae53-4da3-8695-220a2d93aad8\",\r\n \"updatedOn\": \"2019-08-28T17:18:53.3118044Z\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"tags.testModify\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"add\",\r\n \"field\": \"tags.testModify\",\r\n \"value\": \"addModifyOperation\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"robgaTestModify\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit tag at MG\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"327c26bf-bf3e-4128-9b75-fbbd99e98739\",\r\n \"createdOn\": \"2019-09-19T21:02:29.3038974Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.Test\",\r\n \"equals\": \"UnitTest\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03ae6c12-b46a-43f1-9f3d-c20620473106\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"\\\"metadata\\\": { \\\"category\\\": \\\"testResourcesGrid\\\" },\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"327c26bf-bf3e-4128-9b75-fbbd99e98739\",\r\n \"createdOn\": \"2019-09-19T20:48:36.8149755Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.testResourcesGrid\",\r\n \"equals\": \"testResourcesGrid\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4bba2e95-2749-431f-95ff-d032a3ae57f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CaleC - Technical Owner Email Tag on RG\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n 
\"createdBy\": \"b8890a11-51b6-457d-99f0-b36fde28fa4f\",\r\n \"createdOn\": \"2019-11-13T21:16:37.0623117Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Pattern matching\",\r\n \"description\": \"Pattern to use for names. Can include wildcard (*).\"\r\n }\r\n },\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"tagName\",\r\n \"description\": \"Technical Owner Email Address\"\r\n },\r\n \"defaultValue\": \"TechnicalOwnerEmail\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"[concat('tags[',parameters('tagName'), ']')]\",\r\n \"like\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"54d50b8c-c4c6-4552-9e50-19925aedcf44\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh def\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e\",\r\n \"createdOn\": \"2019-03-28T00:13:27.0393653Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": 
\"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b51a7de-acd9-42cd-81bd-32d9c01968e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim audit subscriptions without security contacts\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"69108416-6ac7-4a4f-ac13-fee20ff1ee02\",\r\n \"createdOn\": \"2019-06-07T20:59:59.7600143Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"67d90168-f067-43df-bd57-bca4b46df3a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Empty deployment on each KeyVault resource\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys an empty deployment (with one output) on each KeyVault vault. 
Used for some PolicyInsights SDK tests.\",\r\n \"metadata\": {\r\n \"category\": \"SDK Tests\",\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-21T17:43:12.9974078Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"notExists\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"constantOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"someConstantValue\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78a38c70-5549-49bd-8a16-fe3619e5d2cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CaleC - Ensure principal is member of role\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"b8890a11-51b6-457d-99f0-b36fde28fa4f\",\r\n \"createdOn\": \"2019-11-08T01:55:56.4678953Z\",\r\n \"updatedBy\": \"b8890a11-51b6-457d-99f0-b36fde28fa4f\",\r\n \"updatedOn\": \"2019-11-13T21:19:54.5769298Z\"\r\n },\r\n \"parameters\": {\r\n \"roleDefinitionId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Approved Role Definition\",\r\n 
\"description\": \"The role definition id to add the principal to.\"\r\n }\r\n },\r\n \"principalId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Principal Id\",\r\n \"description\": \"Principal Id to add to roles\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('roleDefinitionId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/roleAssignments\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"[parameters('principalId')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/roleDefinitionId\",\r\n \"equals\": \"[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', parameters('roleDefinitionId'))]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"deployment\": {\r\n \"location\": \"eastus\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"roleId\": {\r\n \"value\": \"[parameters('roleDefinitionId')]\"\r\n },\r\n \"principalId\": {\r\n \"value\": \"[parameters('principalId')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"principalId\": {\r\n \"type\": \"string\"\r\n },\r\n \"roleId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[guid(subscription().id, parameters('roleId'), parameters('principalId'))]\",\r\n \"type\": 
\"Microsoft.Authorization/roleAssignments\",\r\n \"apiVersion\": \"2019-04-01-preview\",\r\n \"properties\": {\r\n \"principalId\": \"[parameters('principalId')]\",\r\n \"roleDefinitionId\": \"[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', parameters('roleId'))]\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"906ef7c2-27f9-48f4-b111-1f0aca8697cd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim mg test 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"69108416-6ac7-4a4f-ac13-fee20ff1ee02\",\r\n \"createdOn\": \"2019-04-01T18:34:15.5651057Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim mg test 2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"jilim mg test 2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim mg test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"69108416-6ac7-4a4f-ac13-fee20ff1ee02\",\r\n \"createdOn\": \"2019-04-01T18:00:41.0087033Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"jilimmgtest\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1599\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0004bbf0-5099-4179-869e-e9ffe5fb0945\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit virtual machines without disaster recovery configured\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit virtual machines which do not have disaster recovery configured. 
To learn more about disaster recovery, visit https://aka.ms/asr-doc.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Resources/links\",\r\n \"existenceCondition\": {\r\n \"field\": \"name\",\r\n \"like\": \"ASR-Protect-*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Sockets state for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. 
Use of Web Sockets within an Function app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/001802d1-4969-4c82-a700-c29c6c6f9bbd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"001802d1-4969-4c82-a700-c29c6c6f9bbd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1375\"\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"00379355-8932-4b52-b63a-3bc6daf3451a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1605 - Developer Security Testing And Evaluation | Static Code Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1605\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0062eb8b-dc75-4718-8ea5-9bb4a9606655\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Backup should be enabled for Virtual Machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit if Azure Backup service is enabled for all Virtual machines. 
Azure Backup is a cost-effective, one-click backup solution simplifies data recovery and is easier to enable than other cloud backup services.\",\r\n \"metadata\": {\r\n \"category\": \"backup\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.RecoveryServices/backupprotecteditems\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"013e242c-8828-4970-87b3-ab247555486d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1142 - Security Assessment And Authorization Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1142\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01524fa8-4555-48ce-ba5f-c3b8dcef5147\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1099 - Security Training Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1099\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01910bab-8639-4bd0-84ef-cc53b24d79ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1285\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"01f7726b-db54-45c2-bcb5-9bd7a43796ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1709 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1709\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"025992d6-7fee-4137-9bbf-2ffc39c0686c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1052 - Session Lock\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1052\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"027cae1c-ec3e-4492-9036-4168d540c42a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1034 - Least Privilege\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1034\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02a5ed00-6d2e-4e97-9a98-46c32c057329\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which the remote host connection status does not match the specified one\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which the remote host connection status does not match the specified one. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsRemoteConnection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02a84be7-c304-421f-9bb7-5d2c26af54ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1623 - Boundary Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1623\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02ce1b22-412a-4528-8630-c42146f917ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1515 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1515\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"02dd141a-a2b2-49a7-bcbd-ca31142f6211\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1327 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1327\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03188d8f-1ae5-4fe1-974d-2d7d32ef937d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1229\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03752212-103c-4ab8-a306-7e813022ca9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level Adjustment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1123\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03996055-37a4-45a5-8b70-3f1caa45f87d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1474\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03ad326e-d7a1-44b1-9a76-e17492efc9e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1227\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03b78f5e-4877-4303-b0f4-eb6583f25768\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1361 - Incident Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1361\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03ed3be1-7276-4452-9a5d-e4168565ac67\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1594 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1594\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"042ba2a1-8bb8-45f4-b080-c78cf62b90e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL managed instance TDE protector should be encrypted with your own key\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Transparent Data Encryption (TDE) with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n 
\"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/encryptionProtector\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/encryptionProtector/serverKeyType\",\r\n \"equals\": \"AzureKeyVault\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/encryptionProtector/uri\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"048248b0-55cd-46da-b1ff-39efd52db260\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Network traffic data collection agent should be installed on Linux virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Security Center uses the Microsoft Monitoring Dependency Agent to collect network traffic data from your Azure virtual machines to enable advanced network protection features such as traffic visualization on the network map, network hardening recommendations and specific network threats.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"preview\": \"true\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n 
\"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable Dependency Agent for Linux VMs monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n \"12-SP3\",\r\n 
\"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04c4380f-3fae-46e8-96c9-30193528f602\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Service Bus to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Service Bus to stream to a regional Log 
Analytics workspace when any Service Bus which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": 
{\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationalLogs\",\r\n \"enabled\": 
\"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04d53d87-841c-4f23-8a5b-21564380b55e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1572 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1572\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n 
\"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n 
\"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": 
\"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"053d3325-282c-4e5c-b944-24faffd30d77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1331 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1331\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05460fe2-301f-4ed1-8174-d62c8bb92ff4\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Ensure that an email address is provided for the 'Send scan reports to' field in the Vulnerability Assessment settings. This email address receives scan result summary after a periodic scan runs on SQL servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/vulnerabilityAssessments\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/vulnerabilityAssessments/default.recurringScans.emails[*]\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Azure Data Lake Store should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"057ef27e-665e-4328-8ea3-04b3122bd9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1132\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05938e10-cdbd-4a54-9b2b-1cbcfc141ad0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1223 - Information System Component Inventory\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1223\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1640\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05a289ce-6a20-4b75-a0f3-dc8601b6acd0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1420 - Maintenance Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1420\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"05ae08cc-a282-413b-90c7-21a2c60b8404\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1658 - Secure Name / Address Resolution Service (Recursive Or Caching Resolver)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1658\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"063b540e-4bdc-4e7a-a569-3a42ddf22098\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1688 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1688\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"063c3f09-e0f0-4587-8fd5-f4276fae675f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1332\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"068260be-a5e6-4b0a-a430-cd27071c226a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1455 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1455\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"068a88d4-e520-434e-baf0-9005a8164e6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit SQL DB Level Audit Setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit DB level audit setting for SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit VMs that do not use managed disks\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": 
\"This policy audits VMs that do not use managed disks\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osDisk.uri\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/VirtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl\",\r\n \"exists\": \"True\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06a78e20-9358-41c9-923c-fb736d382a4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1366 - Incident Handling | Information Correlation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1366\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"06c45c30-ae44-4f0f-82be-41331da911cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1633 - Boundary Protection | Route Traffic To Authenticated Proxy Servers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1633\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"07557aa0-e02f-4460-9a81-8ecd2fed601a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Function Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your Function app. 
Allow only required domains to interact with your Function app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0820b7b9-23aa-4725-a1ce-ae4558f718e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example values: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n 
},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0868462e-646c-4fe3-9ced-a733534b6a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1583 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1583\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0882d488-8e80-4466-bc0f-0cd15b6cb66d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08b17839-76c6-4015-90e0-33d9d54d219c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08b17839-76c6-4015-90e0-33d9d54d219c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Search Services to stream to a regional Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n 
\"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Search/searchServices/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08ba64b8-738f-4918-9686-730d2ed79c7d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network Security Group Rules for Internet facing virtual machines should be 
hardened\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential attack surface\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"adaptiveNetworkHardenings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"08e6af2d-db70-460a-bfe9-d5bd474ba9d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"There should be more than one owner assigned to your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate more than one subscription owner in order to have administrator access redundancy.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": 
[\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateMoreThanOneOwner\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09024ccc-0c5f-475e-9457-b7c0d9ed487b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1159 - Security Authorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1159\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0925f098-7877-450b-8ba4-d1e55f2d8795\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"All\",\r\n \"description\": \"VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0961003e-5a0a-4549-abde-af6a37f2724d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1302 - Identification And Authentication (Org. 
Users) | Network Access To Non-Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1302\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09828c65-e323-422b-9774-9d5c646124da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Configure backup on VMs of a location to an existing central Vault in the same location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy configures Azure Backup protection on VMs in a given location to an existing central vault in the same location. It applies to only those VMs that are not already configured for backup. It is recommended that this policy is assigned to not more than 200 VMs. If the policy is assigned for more than 200 VMs, it can result in the backup getting triggered a few hours beyond the defined schedule. This policy will be enhanced to support more VM images.\",\r\n \"metadata\": {\r\n \"category\": \"Backup\"\r\n },\r\n \"parameters\": {\r\n \"vaultLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Location (Specify the location of the VMs that you want to protect)\",\r\n \"description\": \"Specify the location of the VMs that you want to protect. 
VMs should be backed up to a vault in the same location.\\nFor example - southeastasia\",\r\n \"strongType\": \"location\"\r\n }\r\n },\r\n \"backupPolicyId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Backup Policy (of type Azure VM from a vault in the location chosen above)\",\r\n \"description\": \"Specify the id of the Azure backup policy to configure backup of the virtual machines. The selected Azure backup policy should be of type Azure virtual machine. This policy needs to be in a vault that is present in the location chosen above.\\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/\",\r\n \"strongType\": \"Microsoft.RecoveryServices/vaults/backupPolicies\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"auditIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"equals\": \"[parameters('vaultLocation')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\",\r\n 
\"/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b\"\r\n ],\r\n \"type\": \"Microsoft.RecoveryServices/backupprotecteditems\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"type\": \"String\"\r\n },\r\n \"fabricName\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectionContainers\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectedItems\": {\r\n \"type\": \"String\"\r\n },\r\n \"sourceResourceId\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[concat('DeployProtection-',uniqueString(parameters('protectedItems')))]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[first(skip(split(parameters('backupPolicyId'), '/'), 4))]\",\r\n \"subscriptionId\": \"[first(skip(split(parameters('backupPolicyId'), '/'), 2))]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"type\": \"String\"\r\n },\r\n \"fabricName\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectionContainers\": {\r\n \"type\": \"String\"\r\n },\r\n \"protectedItems\": {\r\n \"type\": \"String\"\r\n },\r\n \"sourceResourceId\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems\",\r\n \"name\": \"[concat(first(skip(split(parameters('backupPolicyId'), '/'), 8)), '/', parameters('fabricName'), '/',parameters('protectionContainers'), '/', parameters('protectedItems'))]\",\r\n \"apiVersion\": \"2016-06-01\",\r\n 
\"properties\": {\r\n \"protectedItemType\": \"Microsoft.Compute/virtualMachines\",\r\n \"policyId\": \"[parameters('backupPolicyId')]\",\r\n \"sourceResourceId\": \"[parameters('sourceResourceId')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"value\": \"[parameters('backupPolicyId')]\"\r\n },\r\n \"fabricName\": {\r\n \"value\": \"[parameters('fabricName')]\"\r\n },\r\n \"protectionContainers\": {\r\n \"value\": \"[parameters('protectionContainers')]\"\r\n },\r\n \"protectedItems\": {\r\n \"value\": \"[parameters('protectedItems')]\"\r\n },\r\n \"sourceResourceId\": {\r\n \"value\": \"[parameters('sourceResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"backupPolicyId\": {\r\n \"value\": \"[parameters('backupPolicyId')]\"\r\n },\r\n \"fabricName\": {\r\n \"value\": \"Azure\"\r\n },\r\n \"protectionContainers\": {\r\n \"value\": \"[concat('iaasvmcontainer;iaasvmcontainerv2;', resourceGroup().name, ';' ,field('name'))]\"\r\n },\r\n \"protectedItems\": {\r\n \"value\": \"[concat('vm;iaasvmcontainerv2;', resourceGroup().name, ';' ,field('name'))]\"\r\n },\r\n \"sourceResourceId\": {\r\n \"value\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"09ce66bc-1220-4153-8104-e3f51c936913\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1654 - Voice Over Internet Protocol\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1654\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a2ee16e-ab1f-414a-800b-d1608835862b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1402\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a560d32-8075-4fec-9615-9f7c853f4ea9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1428 - Media Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1428\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a77fcc7-b8d8-451a-ab52-56197913c0c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit resource location matches resource group location\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that the resource location matches its resource group location\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"location\",\r\n \"notIn\": [\r\n \"[resourcegroup().location]\",\r\n \"global\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a914e76-4921-4c19-b460-a2d36003525a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Management'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. 
This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesAccountManagement\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a9991e6-21be-49f9-8916-a06d934bcf29\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1044 - Unsuccessful Logon Attempts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1044\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0abbac52-57cf-450d-8408-1208d0dd9e90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1253\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0afce0b3-dd9f-42bb-af28-1e4284ba8311\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notification to subscription owner for high severity alerts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enable emailing security alerts to the subscription owner, in order to have them receive security alert emails from Microsoft. 
This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/alertsToAdmins\",\r\n \"notEquals\": \"Off\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b15565f-aa9e-48ba-8619-45960f2c314d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1046\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b1aa965-7502-41f9-92be-3e2fe7cc392a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1020 - Account Management | Role-Based Schemes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1020\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b291ee8-3140-4cad-beb7-568c077c78ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Key Vault objects should be recoverable\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits if key vault objects are not recoverable. Soft Delete feature helps to effectively hold the resources for a given retention period (90 days) even after a DELETE operation, while giving the appearance that the object is deleted. When 'Purge protection' is on, a vault or an object in deleted state cannot be purged until the retention period of 90 days has passed. 
These vaults and objects can still be recovered, assuring customers that the retention policy will be followed.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enableSoftDelete\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enablePurgeProtection\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enableSoftDelete\",\r\n \"equals\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/enablePurgeProtection\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1115\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0b653845-2ad9-4e09-a4f3-5a7c1d78353d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1239 - User-Installed Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1239\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0be51298-f643-4556-88af-d7db90794879\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Client certificates allow for the app to request a certificate for incoming requests. 
Only clients that have a valid certificate will be able to reach the app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/clientCertEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0c192fe8-9cbb-4516-85b3-0ade8bd03886\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1496 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1496\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"0ca96127-2f87-46ab-a4fc-0d2a786df1c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL server TDE protector should be encrypted with your own key\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Transparent Data Encryption (TDE) with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/encryptionProtector\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/encryptionProtector/serverKeyType\",\r\n \"equals\": \"AzureKeyVault\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/encryptionProtector/uri\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/encryptionProtector/uri\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d134df8-db83-46fb-ad72-fe0c9428c8dd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1518 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this 
Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1518\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d58f734-c052-40e9-8b2f-a1c2bff0b815\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity Checks\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1713\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d87c70b-5012-48e9-994b-e70dd4b8def0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1466 - Visitor Access Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1466\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d943a9c-a6f1-401f-a792-740cdb09c451\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which Windows Defender Exploit Guard is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which Windows Defender Exploit Guard is not enabled. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDefenderExploitGuard\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Managed identity should be used in your Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0da106f2-4ca3-48e8-bc85-c638fe6aea8f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1718 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1718\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0dced7ab-9ce5-4137-93aa-14c13e06ab17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Authorized IP ranges should be defined on Kubernetes Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Restrict access to the Kubernetes Service Management API by granting API access only to IP addresses in specific ranges. It is recommended to limit access to authorized IP ranges to ensure that only applications from allowed networks can access the cluster.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/apiServerAuthorizedIPRanges\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e246bcf-5f6f-4f87-bc6f-775d4712c7ea\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Remote debugging should be turned off for Function Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an function app. Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.remoteDebuggingEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0e60b895-3786-45da-8377-9c6b4b6ac5f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for MariaDB\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure Database for MariaDB with geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n 
\"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforMariaDB/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforMariaDB/servers/storageProfile.geoRedundantBackup\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ec47710-77ff-4a3d-9181-6aa50af424d0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to enable Guest Configuration Policy on Windows VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a system-assigned managed identity and deploys the VM extension for Guest Configuration on Windows VMs. This is a prerequisites for Guest Configuration Policy and must be assigned to the scope before using any Guest Configuration policy. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"AzurePolicyforWindows\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.GuestConfiguration\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"ConfigurationforWindows\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ecd903d-91e7-4726-83d3-a229d7f2e293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ecd903d-91e7-4726-83d3-a229d7f2e293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1601 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1601\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1476 - Fire Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1476\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f3c4ac2-3e35-4906-a80b-473b12a622d7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1204 - Access Restrictions For Change | Review System Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1204\"\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f4f6750-d1ab-4a4c-8dfd-af3237682665\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1430 - Media Marking\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1430\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f559588-5e53-4b14-a7c4-85d28ebc2234\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1574 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1574\"\r\n },\r\n \"policyRule\": 
{\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f935dab-83d6-47b8-85ef-68b8584161b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1164 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1164\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0fb8d3ce-9e96-481c-9c68-88d4e3019310\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1017 - Account Management | Inactivity Logout\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1017\"\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0fc3db37-e59a-48c1-84e9-1780cedb409e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1087 - Security Awareness And Training Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1087\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"100c82ba-42e9-4d44-a2ba-94b209248583\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows VMs that do not contain the specified certificates in the Trusted Root 
Certification Authorities certificate store (Cert:\\\\LocalMachine\\\\Root). It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\\\LocalMachine\\\\Root). e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsCertificateInTrustedRoot\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude', '=', parameters('CertificateThumbprints')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsCertificateInTrustedRoot\"\r\n },\r\n \"CertificateThumbprints\": {\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"CertificateThumbprints\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": 
\"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"106ccbe4-a791-4f33-a44a-06796944b8d5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1554\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"10984b4e-c93e-48d7-bf20-9c03b04e9eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that '.Net Framework' version is the latest, if used as a part of the Function 
App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. Using the latest .Net framework version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.netFrameworkVersion\",\r\n \"in\": [\r\n \"v3.0\",\r\n \"v4.0\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"10c1859c-e1a7-4df3-ab97-a487fa8059f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Custom subscription owner roles should not exist\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that no custom subscription owner roles exist.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n 
\"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/permissions[*].actions[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/permissions.actions[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/assignableScopes[*]\",\r\n \"notIn\": [\r\n \"[concat(subscription().id,'/')]\",\r\n \"[subscription().id]\",\r\n \"/\"\r\n ]\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/assignableScopes[*]\",\r\n \"notLike\": \"/providers/Microsoft.Management/*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1230 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1230\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11158848-f679-4e9b-aa7b-9fb07d945071\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1432 - Media Storage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1432\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1140e542-b80d-4048-af45-3f7245be274b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. 
The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n 
\"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"11ac78e3-31bc-4f0c-8434-37ab963cea07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1655 - Voice Over Internet Protocol\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1655\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"121eab72-390e-4629-a7e2-6d6184f57c6b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1681\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12623e7e-4736-4b2e-b776-c1600f35f93a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1240 - User-Installed Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1240\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"129eb39f-d79a-4503-84cd-92f036b5e429\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System objects'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System objects'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsSystemobjects\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": 
\"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12ae2d24-3805-4b37-9fa9-465968bfbcfa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1666 - System And Information Integrity Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1666\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12e30ee3-61e6-4509-8302-a871e8ebb91e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": 
\"[base64(concat('[InstalledApplication]bwhitelistedapp;Name', '=', parameters('installedApplication')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WhitelistedApplication\"\r\n },\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"installedApplication\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]bwhitelistedapp;Name\",\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1347 - Identification And Authentication (Non-Org. Users) | Acceptance Of PIV Creds. From Other Agys.\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1347\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"131a2706-61e9-4916-a164-00e052056462\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1450 - Physical Access Authorizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1450\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"134d7a13-ba3e-41e2-b236-91bfcfa24e01\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1184 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1184\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1085 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1085\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13d117e0-38b0-4bbb-aaab-563be5dd10ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1404 - Maintenance Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1404\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13d8f903-0cd6-449f-a172-50f6579c182b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1695\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n 
}\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"13fcf812-ec82-4eda-9b89-498de9efd620\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs in which the Administrators group contains any of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group contains any of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToExclude\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LocalGroup]AdministratorsGroup;MembersToExclude', '=', parameters('MembersToExclude')))]\"\r\n },\r\n \"deployment\": {\r\n 
\"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AdministratorsGroupMembersToExclude\"\r\n },\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MembersToExclude\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToExclude\",\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', 
parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToExclude\",\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"144f1397-32f9-4598-8c88-118decc3ccba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1157 - Plan Of Action And Milestones\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1157\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"15495367-cf68-464c-bbc3-f53ca5227b7a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1491 - Security Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1491\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1571dd40-dafc-4ef4-8f55-16eba27efc7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1564 - System Development Life Cycle\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1564\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"157f0ef9-143f-496d-b8f9-f8c8eeaad801\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have a minimum password age of 1 day. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n 
\"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1662 - Fail In Known State\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1662\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"165cb91f-7ea8-4ab7-beaf-8636b98c9d15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1684 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1684\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16bfdb59-db38-47a5-88a9-2e9371a638cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that do not have the specified Windows PowerShell modules installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the specified Windows PowerShell modules installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPowerShellModules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16f9b37c-4408-4c30-bc17-254958f2e2d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1103 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1103\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16feeb31-6377-437e-bbab-d7f73911896d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1007 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1007\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17200329-bf6c-46d8-ac6d-abf4641c2add\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1349 - Identification And Authentication (Non-Org. Users) | Use Of FICAM-Approved Products\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1349\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17641f70-94cd-4a5d-a613-3d1143e20e34\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy associations for a managed application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys an association resource that associates selected resource types to the specified managed application. 
This policy deployment does not support nested resource types.\",\r\n \"metadata\": {\r\n \"category\": \"Managed Application\"\r\n },\r\n \"parameters\": {\r\n \"targetManagedApplicationId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Managed application Id\",\r\n \"description\": \"Resource ID of the managed application to which resources need to be associated.\"\r\n }\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource types to associate\",\r\n \"description\": \"The list of resource types to be associated to the managed application.\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n },\r\n \"associationNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Association name prefix\",\r\n \"description\": \"Prefix to be added to the name of the association resource being created.\"\r\n },\r\n \"defaultValue\": \"DeployedByPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('resourceTypesToAssociate')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.CustomProviders/Associations\",\r\n \"name\": \"[concat(parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"associatedResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"string\"\r\n },\r\n \"targetManagedApplicationId\": {\r\n \"type\": \"string\"\r\n },\r\n \"associationNamePrefix\": {\r\n 
\"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"resourceType\": \"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\r\n \"resourceName\": \"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetManagedApplicationId')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[concat(deployment().Name, '-2')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"type\": \"[variables('resourceType')]\",\r\n \"name\": \"[variables('resourceName')]\",\r\n \"apiVersion\": \"2018-09-01-preview\",\r\n \"properties\": {\r\n \"targetResourceId\": \"[parameters('targetManagedApplicationId')]\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceTypesToAssociate\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"associatedResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"targetManagedApplicationId\": {\r\n \"value\": \"[parameters('targetManagedApplicationId')]\"\r\n },\r\n \"associationNamePrefix\": {\r\n \"value\": \"[parameters('associationNamePrefix')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17763ad9-70c0-4794-9397-53d765932634\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17763ad9-70c0-4794-9397-53d765932634\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Transparent Data Encryption on SQL databases should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit transparent data encryption status for SQL databases\",\r\n \"metadata\": {\r\n 
\"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"enabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"17k78e20-9358-41c9-923c-fb736d382a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1325 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1325\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1845796a-7581-49b2-ae20-443121538e19\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1480 - Temperature And Humidity Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1480\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"18a767cc-1947-4338-a240-bc058c81164f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1369 - Incident Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1369\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"18cc35ed-a429-486d-8d59-cb47e87304ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1269\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"19b9439d-865d-4474-b17d-97d2702fdb66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1071 - Wireless Access | Restrict Configurations By Users\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1071\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a437f5b-9ad6-4f28-8861-de404d511ae4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that a log profile collects logs for categories 'write,' 'delete,' and 'action'\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logprofiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories[*]\",\r\n \"notEquals\": \"Write\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories[*]\",\r\n \"notEquals\": \"Delete\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories[*]\",\r\n \"notEquals\": \"Action\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a4e592a-6a6e-44a5-9814-e36264ca96e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: 
Access to App Services should be restricted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure security center has discovered that the networking configuration of some of your app services are overly permissive and allow inbound traffic from ranges that are too broad\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"restrictAccessToAppServices\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a833ff1-d297-4a0f-9944-888428f8e0ff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL managed instances\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL managed instances which do not have recurring vulnerability assessment scans enabled. 
Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/vulnerabilityAssessments\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/vulnerabilityAssessments/recurringScans.isEnabled\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1b7aa243-30e4-4c9e-bca8-d0d3022b634a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'PHP version' is the latest, if used as a part of the Api app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. 
Using the latest PHP version for API apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest PHP version\",\r\n \"description\": \"Latest supported PHP version for App Services\"\r\n },\r\n \"defaultValue\": \"7.3\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PHP\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PHP|', parameters('PHPLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"[parameters('PHPLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n 
\"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1c210e94-a481-4beb-95fa-1571b434fb04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1072\"\r\n },\r\n \"policyRule\": {\r\n 
\"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1ca29e41-34ec-4e70-aba9-6248aca18c31\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1656\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1cb067d5-c8b5-4113-a7ee-0a493633924b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1592 - External Information System Services | Consistent Interests Of Consumers And Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1592\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d01ba6c-289f-42fd-a408-494b355b6222\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1088\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d50f99d-1356-49c0-934a-45f742ba7783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1538 - Security Categorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1538\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d7658b2-e827-49c3-a2ae-6d2bd0b45874\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Virtual machines should be migrated to new Azure Resource Manager resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachines\"\r\n ]\r\n },\r\n {\r\n \"value\": \"[field('type')]\",\r\n \"equals\": \"Microsoft.ClassicCompute/virtualMachines\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1d84d5fb-01f6-4d12-ba4f-4a26081d403d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1298 - Identification And Authentication Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1298\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1dc784b5-4895-4d27-9d40-a06b032bd1ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. 
Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1de7b11d-1870-41a5-8181-507e7c663cfb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1595 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1595\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e0414e7-6ef5-4182-8076-aa82fbb53341\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require tag and its value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enforces a required tag and its value. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"equals\": \"[parameters('tagValue')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e30110a-5ceb-460c-a204-c1c3969c6d62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"An Azure Active Directory administrator should be provisioned for SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. 
Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/administrators\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f314764-cb73-4fc9-b863-8eca98ac36e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Event Hub to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event Hub which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": 
\"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n 
\"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.EventHub/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ArchiveLogs\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"OperationalLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AutoScaleLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"KafkaCoordinatorLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"EventHubVNetConnectionEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"CustomerManagedKeyUserLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": 
\"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f6e93e8-6b31-41b1-83f6-36e449a42579\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Shutdown'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Shutdown'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Allow system to be shut down without having to log on\",\r\n \"description\": \"Specifies whether a computer can be shut down when a user is not logged on. 
If this policy setting is enabled, the shutdown command is available on the Windows logon screen.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Clear virtual memory pagefile\",\r\n \"description\": \"Specifies whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down properly. For systems with large amounts of RAM, this could result in substantial time needed to complete the shutdown.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsShutdown\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Shutdown: Allow system to be shut down without having to log on;ExpectedValue', '=', parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn'), ',', 'Shutdown: Clear virtual memory pagefile;ExpectedValue', '=', parameters('ShutdownClearVirtualMemoryPagefile')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsShutdown\"\r\n },\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"value\": \"[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"value\": \"[parameters('ShutdownClearVirtualMemoryPagefile')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"type\": \"string\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"type\": 
\"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Shutdown: Allow system to be shut down without having to log on;ExpectedValue\",\r\n \"value\": \"[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]\"\r\n },\r\n {\r\n \"name\": \"Shutdown: Clear virtual memory pagefile;ExpectedValue\",\r\n \"value\": \"[parameters('ShutdownClearVirtualMemoryPagefile')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Shutdown: Allow system to be shut down without having to log on;ExpectedValue\",\r\n \"value\": \"[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]\"\r\n },\r\n {\r\n \"name\": \"Shutdown: Clear virtual memory pagefile;ExpectedValue\",\r\n \"value\": \"[parameters('ShutdownClearVirtualMemoryPagefile')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": 
\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1f8c20ce-3414-4496-8b26-0e902a1541da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1616\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2006457a-48b3-4f7b-8d2e-1532287f9929\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1650 - Public Key Infrastructure Certificates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1650\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201d3740-bd16-4baf-b4b8-7cda352228b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"The NSGs rules for web applications on IaaS should be hardened\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure security center has discovered that some of your virtual machines are running web applications, and the NSGs associated to these virtual machines are overly permissive with regards to the web application ports\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n 
\"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"201ea587-7c90-41c3-910f-c280ae01cfd6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1181\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21839937-d241-4fa5-95c6-b669253d9ab9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1111 - Response To Audit Processing Failures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1111\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21de687c-f15e-4e51-bf8d-f35c8619965b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1596 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1596\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21e25e01-0ae0-41be-919e-04ce92b8e8b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Audit'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Audit'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n 
}\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAudit\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21e2995e-683e-497a-9e81-2f42ad07050a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1426 - Media Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1426\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"21f639bc-f42b-46b1-8f40-7a2a389c291a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Apps that are not using custom 
domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a API app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/224da9fe-0d38-4e79-adb3-0a6e2af942ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"224da9fe-0d38-4e79-adb3-0a6e2af942ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1399 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1399\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2256e638-eb23-480f-9e15-6cf1af0a76b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1221\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22589a07-0007-486a-86ca-95355081ae2a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Account Management'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Management'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"225e937e-d32e-4713-ab74-13ce95b3519a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Management ports should be closed on your virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Open remote management ports are exposing your VM to a high level of risk from Internet-based attacks. These attacks attempt to brute force credentials to gain admin access to the machine.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"restrictAccessToManagementPorts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22730e10-96f6-4aac-ad84-9383d35b5917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1493 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1493\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22b469b3-fccf-42da-aa3b-a28e6fb113ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Only secure connections to your Redis Cache should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of only connections via SSL to Redis Cache. 
Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Cache\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Cache/redis\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Cache/Redis/enableNonSslPort\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"22bee202-a82f-4305-9a2a-6d7f44d4dedb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not restrict the minimum password length to 14 characters. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n 
\"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MinimumPasswordLength\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1256\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"232ab24b-810b-4640-9019-74a7d0d6a980\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Service Bus should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Service Bus not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.ServiceBus/namespaces/virtualNetworkRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.ServiceBus/namespaces/virtualNetworkRules/virtualNetworkSubnetId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"235359c5-7c52-4b82-9055-01c75cf9f60e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a regional Log Analytics workspace when any Stream 
Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Execution\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n 
{\r\n \"category\": \"Authoring\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1268 - Alternate Storage Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1268\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"23f6e984-3053-4dfc-ab48-543b764781f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1122 - Audit Review, Analysis, And Reporting 
| Permitted Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1122\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"243ec95e-800c-49d4-ba52-1fdd9f6b8b57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1231 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1231\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"244e0c05-cc45-4fe7-bf36-42dcf01f457d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1082 - 
Information Sharing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1082\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24d480ef-11a0-4b1b-8e70-4e023bf2be23\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not have a maximum password age of 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have a maximum password age of 70 days. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Log Analytics workspace when any Data Lake Storage Gen1 which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": 
{\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/25763a0a-5783-4f14-969e-79d4933eb74b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25763a0a-5783-4f14-969e-79d4933eb74b\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1372 - Incident Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1372\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25b96717-c912-4c00-9143-4e487f411726\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1038 - Least Privilege | Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1038\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Endpoint protection solution should be installed on virtual machine scale sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit the existence and health of an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EndpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26a828e1-e88f-464e-bbb3-c134a282b9de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1649 - Collaborative Computing Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1649\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26d292cc-b0b8-4c29-9337-68abc758bf7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Metric alert rules should be configured on Batch accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit configuration of metric alert rules on Batch account to enable the required metric\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric name\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/alertRules\",\r\n \"existenceScope\": \"Subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/alertRules/condition.dataSource.metricName\",\r\n \"equals\": \"[parameters('metricName')]\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Insights/alertRules/condition.dataSource.resourceUri\",\r\n \"equals\": \"[concat('/subscriptions/', subscription().subscriptionId, '/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Batch/batchAccounts/', field('name'))]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1396 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1396\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"276af98f-4ff9-4e69-99fb-c9b2452fb85f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1074 - Access Control For Mobile Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1074\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"27a69937-af92-4198-9b86-08d355c7e59a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1527 - Access Agreements\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1527\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2823de66-332f-4bfd-94a3-3eb036cd3b67\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy default Microsoft IaaSAntimalware extension for Windows Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExclusionsPaths\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file paths or locations to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsExtensions\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of file extensions to exclude from scanning\"\r\n }\r\n },\r\n \"ExclusionsProcesses\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"Semicolon delimited list of process names to exclude from scanning\"\r\n }\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not real time protection is enabled (default is true)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"false\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether or not custom scheduled scan settings are enabled (default is false)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsScanType\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"Quick\",\r\n \"metadata\": {\r\n \"description\": \"Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsDay\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"7\",\r\n \"metadata\": {\r\n \"description\": \"Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)\"\r\n }\r\n },\r\n \"ScheduledScanSettingsTime\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"120\",\r\n \"metadata\": {\r\n \"description\": \"When to perform the scheduled scan, measured in minutes from midnight (0-1440). 
For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.\"\r\n }\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/IaaSAntimalware')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.Azure.Security\",\r\n \"type\": \"IaaSAntimalware\",\r\n \"typeHandlerVersion\": \"1.3\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"AntimalwareEnabled\": true,\r\n \"RealtimeProtectionEnabled\": \"[parameters('RealtimeProtectionEnabled')]\",\r\n \"ScheduledScanSettings\": {\r\n \"isEnabled\": \"[parameters('ScheduledScanSettingsIsEnabled')]\",\r\n \"day\": \"[parameters('ScheduledScanSettingsDay')]\",\r\n \"time\": \"[parameters('ScheduledScanSettingsTime')]\",\r\n \"scanType\": \"[parameters('ScheduledScanSettingsScanType')]\"\r\n },\r\n \"Exclusions\": {\r\n \"Extensions\": \"[parameters('ExclusionsExtensions')]\",\r\n \"Paths\": \"[parameters('ExclusionsPaths')]\",\r\n \"Processes\": \"[parameters('ExclusionsProcesses')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"RealtimeProtectionEnabled\": {\r\n \"value\": \"true\"\r\n },\r\n \"ScheduledScanSettingsIsEnabled\": {\r\n \"value\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2835b622-407b-4114-9198-6f7064cbe0dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and 
Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1342\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"283a4e29-69d5-4c94-b99e-29acf003c899\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1436 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1436\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28aab8b4-74fd-4b7c-9080-5a7be525d574\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1224\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28cfa30b-7f72-47ce-ba3b-eed26c8d2c82\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1148 - Security Assessments | Independent Assessors\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1148\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e62650-c7c2-4786-bdfa-17edc1673902\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1418\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"28e633fd-284e-4ea7-88b4-02ca157ed713\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1634 - Boundary Protection | Prevent Unauthorized Exfiltration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1634\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"292a7c44-37fa-4c68-af7c-9d836955ded2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from 
Windows VMs configurations in 'Security Options - User Account Control'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - User Account Control'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n 
\"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsUserAccountControl\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"29829ec2-489d-4925-81b7-bda06b1718e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append tag and its default value\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Appends the specified tag and value when any resource which is missing this tag is created or updated. Does not modify the tags of resources created before this policy was applied until those resources are changed. Does not apply to resource groups. 
New 'modify' effect policies are available that support remediation of tags on existing resources (see https://aka.ms/modifydoc).\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a0e14a6-b0a6-4fab-991a-187a4f81c498\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1219\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2a39ac75-622b-4c88-9a3f-45b7373f7ef7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1274 - Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1274\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2aee175f-cd16-4825-939a-a85349d96210\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1603 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1603\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b909c26-162f-47ce-8e15-0c1f55632eac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Managed identity should be used in your Web App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2b9ad585-36bc-4615-b300-fd4435808332\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1434 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1434\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c18f06b-a68d-41c3-8863-b8cd3acb5f8f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1343\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c251a55-31eb-4e53-99c6-e9c43c393ac2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1388 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1388\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c7c575a-d4c5-4f6f-bd49-dee97a8cba55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1344 - Authenticator Feedback\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1344\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c895fe7-2d8e-43a2-838c-3a533a5b355e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Unattached disks should be encrypted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any unattached disk without encryption enabled.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n 
},\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/disks\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/disks/diskState\",\r\n \"equals\": \"Unattached\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/disks/encryptionSettingsCollection.enabled\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/disks/encryptionSettingsCollection.enabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2c89a2e5-7285-40fe-afe0-ae8654b92fb2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1593 - External Information System Services | Processing, Storage, And Service Location\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1593\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1546 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1546\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2ce1ea7e-4038-4e53-82f4-63e8859333c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1414 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1414\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2ce63a52-e47b-4ae2-adbb-6e40d967f9e6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1679 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1679\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2cf42a28-193e-41c5-98df-7688e7ef0a88\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1068 - Wireless Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1068\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d045bca-a0fd-452e-9f41-4ec33769717c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"App Service should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any App Service not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/virtualNetworkConnections\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/virtualnetworkconnections/vnetResourceId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d21331d-a4c2-4def-a9ad-ee4e1e023beb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1704 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1704\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d44b6fa-1134-4ea6-ad4e-9edb68f65429\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not store passwords using reversible encryption. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Linux VMs that allow remote connections from accounts without passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that allow remote connections from accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1077 - Use Of External Information Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1077\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2dad3668-797a-412e-a798-07d3849a7a79\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1149 - Security Assessments | Specialized Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1149\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2e1b855b-a013-481a-aeeb-2bcb129fd35d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1497\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2e3c5583-1729-4d36-8771-59c32f090a22\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1000 - Access Control Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1000\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2ef3cc79-733e-48ed-ab6f-7bf439e9b406\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1519 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1519\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2f13915a-324c-4ab8-b45c-2eefeeefb098\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Network traffic data collection agent should be installed on Windows virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Security Center uses the Microsoft Monitoring Dependency Agent to collect network traffic data from your Azure virtual machines to enable advanced network protection features such as traffic visualization on the network map, network hardening recommendations and specific network threats.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\",\r\n \"preview\": \"true\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable Dependency Agent for Windows VMs monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n 
\"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2f2ee1de-44aa-4762-b6bd-0893fc3f306d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1144 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1144\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fa15ff1-a693-4ee4-b094-324818dc9a51\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1090 - Security Awareness Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1090\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fb740e5-cbc7-4d10-8686-d1bf826652b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Web Application should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OnlyHttpsForWebApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fde8a98-6892-426a-83ba-050e640c0ce0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fde8a98-6892-426a-83ba-050e640c0ce0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Network Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Access'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n 
\"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"30040dab-4e75-4456-8273-14b8f75d91d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that are not joined to the specified domain\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that are not joined to the specified domain. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Domain Name (FQDN)\",\r\n \"description\": \"The fully qualified domain name (FQDN) that the Windows VMs should be joined to\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDomainMembership\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[DomainMembership]WindowsDomainMembership;DomainName', '=', parameters('DomainName')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsDomainMembership\"\r\n },\r\n \"DomainName\": {\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"DomainName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[DomainMembership]WindowsDomainMembership;DomainName\",\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[DomainMembership]WindowsDomainMembership;DomainName\",\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": 
\"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"315c850a-272d-4502-8935-b79010405970\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1042\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"319dc4f0-0fed-4ac9-8fc3-7aeddee82c07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1698\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"31b752c1-05a9-432a-8fce-c39b56550119\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. 
The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32133ab0-ee4b-4b44-98d6-042180979d50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1587 - External Information System Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1587\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32820956-9c6d-4376-934c-05cd8525be7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1333\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3298d6bf-4bc6-4278-a95d-f7ef3ac6e594\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs on which the specified services are not installed and 'Running'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines on which the specified services are not installed and 'Running'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ServiceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the services that should be installed and 'Running'. e.g. 
'WinRm;Wi*'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n 
{\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsServiceStatus\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsServiceStatus]WindowsServiceStatus1;ServiceName', '=', parameters('ServiceName')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsServiceStatus\"\r\n },\r\n \"ServiceName\": {\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ServiceName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName\",\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n 
\"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsServiceStatus]WindowsServiceStatus1;ServiceName\",\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32b1e4d4-6cd5-47b4-a935-169da8a5c262\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1445 - Physical And Environmental Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1445\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32d07d59-2716-4972-b37b-214a67ac4a37\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1282\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34042a97-ec6d-4263-93d2-8c1c46823b2a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Linux VMs that have accounts without passwords\",\r\n 
\"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that have accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid232\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n 
\"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1151 - System Interconnections\",\r\n \"policyType\": \"Static\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1151\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"347e3b69-7fb7-47df-a8ef-71a1a7b44bca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1412 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1412\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3492d949-0dbb-4589-88b3-7b59601cc764\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1475 - Emergency Lighting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1475\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34a63848-30cf-4081-937e-ce1a1c885501\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1060 - Remote Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1060\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34a987fd-2003-45de-a120-014956581f2b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Audit unrestricted network access in your storage account firewall settings. Instead, configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"equals\": \"Allow\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34c877ad-507e-4c82-993e-3452a6e0ad3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1341\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34cb7e92-fe4c-4826-b51e-8cd203fa5d35\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Logic Apps should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Logic Apps\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"34f95f76-5386-4de7-b824-0d8478470c9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1210 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1210\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3502c968-c490-4570-8167-1476f955e9b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"[Preview]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have a maximum password age of 70 days. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MaximumPasswordAge\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MaximumPasswordAge\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CORS should not allow every resource to access your API App\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1659\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n 
{\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"35a4102f-a778-4a2e-98c2-971056288df8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Gateway subnets should not be configured with a network security group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy denies if a gateway subnet is configured with a network security group. Assigning a network security group to a gateway subnet will cause the gateway to stop functioning.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"GatewaySubnet\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"35f9c03a-cc27-418e-9c0c-539ff999d010\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From Executing Privileged Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1043\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"361a77f6-0f9c-4748-8eec-bc13aaaa2455\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Advanced Threat Protection on Storage Accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables Advanced Threat Protection on Storage Accounts.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/advancedThreatProtectionSettings\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/advancedThreatProtectionSettings/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n 
\"parameters\": {\r\n \"storageAccountName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2019-01-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts/providers/advancedThreatProtectionSettings\",\r\n \"name\": \"[concat(parameters('storageAccountName'), '/Microsoft.Security/current')]\",\r\n \"properties\": {\r\n \"isEnabled\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"storageAccountName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"361c2074-3595-4e5d-8cab-4f21dffc835c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1313 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1313\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36220f5b-79a1-4cdb-8c74-2d2449f9a510\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1630 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1630\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3643717a-3897-4bfd-8530-c7c96b26b2a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Automation account variables should be encrypted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is important to enable encryption of Automation account variable assets when storing sensitive data\",\r\n \"metadata\": {\r\n \"category\": \"Automation\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts/variables\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Automation/automationAccounts/variables/isEncrypted\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3657f5a0-770e-44a3-b44e-9431ba1e9735\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1339 - Authenticator Management | Protection Of Authenticators\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1339\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"367ae386-db7f-4167-b672-984ff86277c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1685 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1685\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36b0ef30-366f-4b1b-8652-a3511df11f53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Threat Detection on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Threat Detection is enabled on SQL Servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36d49e87-48c4-4f2e-beed-ba4ed02b71f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security: Configure encryption types allowed for Kerberos\",\r\n \"description\": \"Specifies the encryption types that Kerberos is allowed to use.\"\r\n },\r\n \"defaultValue\": \"2147483644\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LAN Manager authentication level\",\r\n \"description\": \"Specify which challenge-response authentication protocol is used for network logons. 
This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers.\"\r\n },\r\n \"defaultValue\": \"5\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LDAP client signing requirements\",\r\n \"description\": \"Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\",\r\n \"description\": \"Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers\",\r\n \"description\": \"Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). 
The SSP Interface (SSPI) is used by applications that need authentication services.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Network Security: 
Configure encryption types allowed for Kerberos;ExpectedValue', '=', parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos'), ',', 'Network security: LAN Manager authentication level;ExpectedValue', '=', parameters('NetworkSecurityLANManagerAuthenticationLevel'), ',', 'Network security: LDAP client signing requirements;ExpectedValue', '=', parameters('NetworkSecurityLDAPClientSigningRequirements'), ',', 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients;ExpectedValue', '=', parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients'), ',', 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers;ExpectedValue', '=', parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsNetworkSecurity\"\r\n },\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"value\": \"[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"value\": \"[parameters('NetworkSecurityLANManagerAuthenticationLevel')]\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"value\": \"[parameters('NetworkSecurityLDAPClientSigningRequirements')]\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n 
\"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Network Security: Configure encryption types allowed for Kerberos;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]\"\r\n },\r\n {\r\n \"name\": \"Network security: LAN Manager authentication level;ExpectedValue\",\r\n \"value\": 
\"[parameters('NetworkSecurityLANManagerAuthenticationLevel')]\"\r\n },\r\n {\r\n \"name\": \"Network security: LDAP client signing requirements;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityLDAPClientSigningRequirements')]\"\r\n },\r\n {\r\n \"name\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) clients;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]\"\r\n },\r\n {\r\n \"name\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Network Security: Configure encryption types allowed for Kerberos;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]\"\r\n },\r\n {\r\n \"name\": \"Network security: LAN Manager authentication level;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityLANManagerAuthenticationLevel')]\"\r\n },\r\n {\r\n \"name\": \"Network security: LDAP client signing requirements;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityLDAPClientSigningRequirements')]\"\r\n },\r\n {\r\n \"name\": \"Network security: Minimum session security for NTLM SSP based 
(including secure RPC) clients;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]\"\r\n },\r\n {\r\n \"name\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36e17963-7202-494a-80c3-f508211c826b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1557 - Vulnerability 
Scanning | Review Historic Audit Logs\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1557\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"36fbe499-f2f2-41b6-880e-52d7ea1d94a5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Interactive Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Interactive Logon'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsInteractiveLogon\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": 
\"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3750712b-43d0-478e-9966-d2c26f6141b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1624 - Boundary Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1624\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37d079e3-d6aa-4263-a069-dd7ac6dd9684\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Storage accounts should be migrated to new Azure Resource Manager resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use new Azure Resource Manager for your storage accounts to provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.ClassicStorage/storageAccounts\",\r\n \"Microsoft.Storage/StorageAccounts\"\r\n ]\r\n },\r\n {\r\n \"value\": \"[field('type')]\",\r\n \"equals\": \"Microsoft.ClassicStorage/storageAccounts\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"37e0d2fe-28a5-43d6-a273-67d37d1f5606\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1335\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"382016f3-d4ba-4e15-9716-55077ec4dc2a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in IoT Hub should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Internet of Things\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Devices/IotHubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"383856f8-de7f-44a2-81fc-e5135b5c2aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1081 - Information Sharing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1081\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3867f2a9-23bb-4729-851f-c3ad98580caf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1522 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1522\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"38b470cc-f939-4a15-80e0-9f0c74f2e2c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1416\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"38dfd8a3-5290-4099-88b7-4081f4c4d8ae\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1397 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1397\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"391af4ab-1117-46b9-b2c7-78bbd5cd995b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1556\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"391ff8b3-afed-405e-9f7d-ef2f8168d5da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced data security settings for SQL managed instance should contain an email address to receive security alerts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Ensure that an email address is provided for the 'Send alerts to' field in the Advanced Data Security server settings. 
This email address receives alert notifications when anomalous activities are detected on SQL managed instances.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]\",\r\n \"notEquals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1232 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1232\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n 
},\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"396ba986-eac1-4d6d-85c4-d3fda6b78272\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1246 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1246\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"398eb61e-8111-40d5-a0c9-003df28f1753\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"FTPS only should be required in your Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/ftpsState\",\r\n \"equals\": \"FtpsOnly\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"399b2637-a50f-4f95-96f8-3a145476eb15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1680 - Malicious Code Protection | Central Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1680\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"399cd6ee-0e18-41db-9dea-cde3bd712f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1228\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"39c54140-5902-4079-8bb5-ad31936fe764\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1039 - Least Privilege | Review Of User Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1039\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3a7b9de4-a8a2-4672-914d-c5f6752aa7f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1648 - Collaborative Computing Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1648\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3a9eb14b-495a-4ebb-933c-ce4ef5264e32\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1315 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1315\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3aa87116-f1a1-4edb-bfbf-14e036f8d454\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Pod Security Policies should be defined on Kubernetes Services\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Define Pod Security Policies to reduce the attack vector by removing unnecessary application privileges. It is recommended to configure Pod Security Policies to only allow pods to access the resources which they have permissions to access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3abeb944-26af-43ee-b83d-32aaf060fb94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1548 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1548\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3afe6c78-6124-4d95-b85c-eb8c0c9539cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1266\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1003 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1003\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": 
[\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3b68b179-3704-4ff7-b51d-7d65374d165d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. 
In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n 
\"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3be22e3b-d919-47aa-805e-8985dbeb0ad9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"MicrosoftMonitoringAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"MicrosoftMonitoringAgent\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n 
},\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c1b3629-c8f8-4bf6-862c-037cb9094038\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": 
\"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OsVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1621 - Resource Availability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1621\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cb9f731-744a-4691-a481-ca77b0411538\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1521 - Personnel Termination | Automated Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1521\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1127 - Time Stamps\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1127\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3ce328db-aef3-48ed-9f81-2ab7cf839c66\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Deploy Diagnostic Settings for Search Services to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Search Services to stream to a regional Event Hub when any Search Services which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": 
{\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Search/searchServices/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d5da587-71bd-41f5-ac95-dd3330c2d58d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Devices'\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Devices'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"AzureBaseline_SecurityOptionsDevices\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d7b154e-2700-4c8c-9e46-cb65ac1578c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Deploy default Log Analytics Agent for Ubuntu VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace\",\r\n \"metadata\": {\r\n \"category\": \"Compute\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\",\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\",\r\n \"14.04.2-LTS\",\r\n \"12.04.5-LTS\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'),'/omsPolicy')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": 
\"2017-12-01\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"type\": \"OmsAgentForLinux\",\r\n \"typeHandlerVersion\": \"1.4\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled monitoring for Linux VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1385 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1385\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e495e65-8663-49ca-9b38-9f45e800bc58\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Monitor solution 'Security and Audit' must be deployed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that Security and Audit is deployed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.OperationsManagement/solutions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.OperationsManagement/solutions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"like\": \"Security(*)\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e596b57-105f-48a6-be97-03e9243bad6e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1160 - Security Authorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1160\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3e797ca6-2aa8-4333-b335-7036f1110c05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1545 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1545\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3f4b171a-a56b-4328-8112-32cf7f947ee1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1179 - Baseline Configuration | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1179\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported PHP Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported PHP version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPHP\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fe37002-5d00-4b37-a301-da09e3a0ca66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fe37002-5d00-4b37-a301-da09e3a0ca66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1561 - Allocation Of Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1561\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40364c3f-c331-4e29-b1e3-2fbe998ba2f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Secure transfer to storage accounts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit requirment of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). 
Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"404c3081-a854-4457-ae30-26a93ef643f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1100 - Audit And Accountability Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1100\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4057863c-ca7d-47eb-b1e0-503580cba8a4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1637 - Boundary Protection | Fail Secure\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1637\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4075bedc-c62a-4635-bede-a01be89807f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - System'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AlwaysUseClassicLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always use classic logon\",\r\n \"description\": \"Specifies whether to force the user to log on to the computer using the classic logon screen. This setting only works when the computer is not on a domain.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Boot-Start Driver Initialization Policy\",\r\n \"description\": \"Specifies which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Windows NTP Client\",\r\n \"description\": \"Specifies whether the Windows NTP Client is enabled. 
Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn on convenience PIN sign-in\",\r\n \"description\": \"Specifies whether a domain user can sign in using a convenience PIN.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Always use classic logon;ExpectedValue', '=', parameters('AlwaysUseClassicLogon'), ',', 'Boot-Start Driver Initialization Policy;ExpectedValue', '=', parameters('BootStartDriverInitializationPolicy'), ',', 'Enable Windows NTP Client;ExpectedValue', '=', parameters('EnableWindowsNTPClient'), ',', 'Turn on convenience PIN sign-in;ExpectedValue', '=', parameters('TurnOnConveniencePINSignin')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_AdministrativeTemplatesSystem\"\r\n },\r\n \"AlwaysUseClassicLogon\": {\r\n \"value\": \"[parameters('AlwaysUseClassicLogon')]\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"value\": \"[parameters('BootStartDriverInitializationPolicy')]\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"value\": \"[parameters('EnableWindowsNTPClient')]\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"value\": \"[parameters('TurnOnConveniencePINSignin')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AlwaysUseClassicLogon\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"BootStartDriverInitializationPolicy\": {\r\n \"type\": \"string\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"type\": \"string\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Always use classic logon;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysUseClassicLogon')]\"\r\n },\r\n {\r\n \"name\": \"Boot-Start Driver Initialization Policy;ExpectedValue\",\r\n \"value\": \"[parameters('BootStartDriverInitializationPolicy')]\"\r\n },\r\n {\r\n \"name\": \"Enable Windows NTP Client;ExpectedValue\",\r\n \"value\": \"[parameters('EnableWindowsNTPClient')]\"\r\n },\r\n {\r\n \"name\": \"Turn on convenience PIN sign-in;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOnConveniencePINSignin')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Always use 
classic logon;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysUseClassicLogon')]\"\r\n },\r\n {\r\n \"name\": \"Boot-Start Driver Initialization Policy;ExpectedValue\",\r\n \"value\": \"[parameters('BootStartDriverInitializationPolicy')]\"\r\n },\r\n {\r\n \"name\": \"Enable Windows NTP Client;ExpectedValue\",\r\n \"value\": \"[parameters('EnableWindowsNTPClient')]\"\r\n },\r\n {\r\n \"name\": \"Turn on convenience PIN sign-in;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOnConveniencePINSignin')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40917425-69db-4018-8dae-2a0556cef899\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1202 - Access Restrictions For Change\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1202\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40a2a83b-74f2-4c02-ae65-f460a5d2792a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1438 - Media Sanitization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1438\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"40fcc635-52a2-4dbc-9523-80a1f4aa1de6\"\r\n },\r\n 
{\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1365\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4116891d-72f7-46ee-911c-8056cc8dcbd5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1022 - Account Management | Shared / Group Account Credential Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1022\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"411f7e2d-9a0b-4627-a0b9-1700432db47d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1464\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41256567-1795-4684-b00b-a1308ce43cac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure Monitor should collect activity logs from all regions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": 
\"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logProfiles\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiacentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiacentral2\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiaeast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"australiasoutheast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"brazilsouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"canadacentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"canadaeast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"centralindia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"centralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"eastasia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"eastus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"eastus2\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"francecentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": 
\"francesouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"japaneast\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"japanwest\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"koreacentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"koreasouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"northcentralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"northeurope\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southafricanorth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southafricawest\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southcentralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southindia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"southeastasia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"uaecentral\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"uaenorth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"uksouth\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": 
\"ukwest\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westcentralus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westeurope\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westindia\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westus\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"westus2\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/locations[*]\",\r\n \"notEquals\": \"global\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1263 - Contingency Plan Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1263\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"41472613-3b05-49f6-8fe8-525af113ce17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1096 - Role-Based Security Training | Practical Exercises\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1096\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"420c1477-aa43-49d0-bd7e-c4abdd9addff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1260 - Contingency Training | Simulated Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1260\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"42254fc4-2738-4128-9613-72aaa4f0d9c3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1694\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"426c4ac9-ff17-49d0-acd7-a13c157081c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Batch accounts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Batch\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"428256e6-1fac-4f48-a757-df34c2b3336d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Detailed Tracking'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AuditProcessTermination\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Process Termination\",\r\n \"description\": \"Specifies whether audit events are generated when a process has exited. 
Recommended for monitoring termination of critical processes.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Process Termination;ExpectedValue', '=', parameters('AuditProcessTermination')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesDetailedTracking\"\r\n },\r\n \"AuditProcessTermination\": {\r\n \"value\": \"[parameters('AuditProcessTermination')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditProcessTermination\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Process Termination;ExpectedValue\",\r\n \"value\": \"[parameters('AuditProcessTermination')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Process Termination;ExpectedValue\",\r\n \"value\": \"[parameters('AuditProcessTermination')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"42a07bbf-ffcf-459a-b4b1-30ecd118a505\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1174 - Configuration Management Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1174\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"42a9a714-8fbb-43ac-b115-ea12d2bd652f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1137 - Audit Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1137\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4344df62-88ab-4637-b97b-bcaf2ec97e7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1367\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"435b2547-6374-4f87-b42d-6e8dbe6ae62a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1552\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"43684572-e4f1-4642-af35-6b933bc506da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies\",\r\n \"description\": \"Specifies whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). 
For certificate rules to take effect in software restriction policies, you must enable this policy setting.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('System settings: 
Use Certificate Rules on Windows Executables for Software Restriction Policies;ExpectedValue', '=', parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsSystemsettings\"\r\n },\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"System settings: Use Certificate Rules on 
Windows Executables for Software Restriction Policies;ExpectedValue\",\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies;ExpectedValue\",\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": 
{},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"437a1f8f-8552-47a8-8b12-a2fee3269dd5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1544 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1544\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"43ced7c9-cd53-456b-b0da-2522649a4271\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1398 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1398\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"443e8f3d-b51a-45d8-95a7-18b0e42f4dc4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Monitor permissive network access in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Security Groups with too permissive rules will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"permissiveNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"44452482-524f-4bf4-b852-0bff7cc4a3ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1066 - Remote Access | Disconnect / Disable Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1066\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4455c2e8-c65d-4acf-895e-304916f90b36\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1720 - Spam Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1720\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n 
\"name\": \"44b9a7cd-f36a-491a-a48b-6d04ae7c4221\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1334 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1334\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44bfdadc-8c2e-4c30-9c99-f005986fabcd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1604 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1604\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44dbba23-0b61-478e-89c7-b3084667782f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1712 - Software, Firmware, And Information Integrity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1712\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"44e543aa-41db-42aa-98eb-8a5eb1db53f0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1310 - Device Identification And Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1310\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"450d7ede-823d-4931-a99d-57f6a38807dc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1559\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"45692294-f074-42bd-ac54-16f1a3c07554\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1578 - Acquisition Process | Functions / Ports / Protocols / Services In Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1578\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"45b7b644-5f91-498e-9d89-7402532d3645\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1565 - System Development Life Cycle\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1565\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"45ce2396-5c76-4654-9737-f8792ab3d26b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1337\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n 
]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"463e5220-3f79-4e24-a63f-343e4096cd22\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Require SQL Server version 12.0\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures all SQL servers use version 12.0. This policy is deprecated because it is no longer possible to create an Azure SQL server with any version other than 12.0.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\",\r\n \"deprecated\": \"true\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/version\",\r\n \"equals\": \"12.0\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1346 - Identification And Authentication (Non-Organizational Users)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1346\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"464dc8ce-2200-4720-87a5-dc5952924cc6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/46544d7b-1f0d-46f5-81da-5c1351de1b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46544d7b-1f0d-46f5-81da-5c1351de1b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require automatic OS image patching on Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enforces enabling automatic OS image patching on Virtual Machine Scale Sets to always keep Virtual Machines secure by safely applying latest security patches every month.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade\",\r\n \"notEquals\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade\",\r\n \"notEquals\": \"True\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f0161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1368\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"465f32da-0ace-4603-8d1b-7be5a3a702de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1062\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4708723f-e099-4af1-bbf9-b6df7642e444\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Automatic provisioning of the Log Analytics monitoring agent should be enabled on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enable automatic provisioning of the Log Analytics monitoring agent in order to collect security data\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/autoProvisioningSettings\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/autoProvisioningSettings/autoProvision\",\r\n \"equals\": \"On\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"475aae12-b88a-4572-8b36-9b712b2b3a17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Adaptive Application Controls should be enabled on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible Application Whitelist configuration will be monitored by Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"applicationWhitelisting\",\r\n \"existenceCondition\": {\r\n 
\"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47a6b606-51aa-4496-8bb7-64b11cf66adc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1359\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47bc7ea0-7d13-4f7c-a154-b903f7194253\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1165 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1165\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"47e10916-6c9e-446b-b0bd-ff5fd439d79d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1048 - System Use Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1048\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"483e7ca9-82b3-45a2-be97-b93163a0deb7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1033 - Separation Of Duties\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1033\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48540f01-fc11-411a-b160-42807c68896e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1477 - Fire Protection | Detection Devices / Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1477\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4862a63c-6c74-4a9d-a221-89af3c374503\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1484 - Water Damage Protection | Automation Support\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1484\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"486b006a-3653-45e8-b41c-a052d3e05456\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit IP restrictions configuration for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects an API app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/48893b84-a2c8-4d9a-badf-835d5d1b7d53\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48893b84-a2c8-4d9a-badf-835d5d1b7d53\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for PostgreSQL\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure Database for PostgreSQL with geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/storageProfile.geoRedundantBackup\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48af4db5-9b8b-401c-8e74-076be876a430\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1669 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1669\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": 
[\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"48f2f62b-5743-4415-a143-288adc0e078d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1376\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"493a95f3-f2e3-47d0-af02-65e6d6decc2f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Java version' is the latest, if used as a part of the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. 
Using the latest Java version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest Java version\",\r\n \"description\": \"Latest supported Java version for App Services\"\r\n },\r\n \"defaultValue\": \"11\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"JAVA\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"like\": \"[concat('*', parameters('JavaLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"like\": \"[concat(parameters('JavaLatestVersion'), '*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n 
}\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"496223c3-ad65-4ecd-878a-bae78737e9ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Audit'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Audit'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit: Shut down system immediately if unable to log security audits\",\r\n \"description\": \"Audits if the system will shut down when unable to log Security events.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAudit\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit: Shut down system immediately if unable to log security audits;ExpectedValue', '=', parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsAudit\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"value\": 
\"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit: Shut down system immediately if unable to log security audits;ExpectedValue\",\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n 
\"name\": \"Audit: Shut down system immediately if unable to log security audits;ExpectedValue\",\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"498b810c-59cd-4222-9338-352ba146ccf3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1329 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n 
\"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1329\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"498f6234-3e20-4b6a-a880-cbd646d973bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1638 - Boundary Protection | Dynamic Isolation / Segregation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1638\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49b99653-32cd-405d-a135-e7d60a9aae1f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append tag and its default value to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Appends the specified tag and value when any resource 
group which is missing this tag is created or updated. Does not modify the tags of resource groups created before this policy was applied until those resource groups are changed. New 'modify' effect policies are available that support remediation of tags on existing resources (see https://aka.ms/modifydoc).\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1294\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"49dbe627-2c1e-438c-979e-dd7a39bbf81d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1218 - Least Functionality | Prevent Program Execution\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1218\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a1d0394-b9f5-493e-9e83-563fd0ac4df8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1677 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1677\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4a248e1e-040f-43e5-bff2-afc3a57a3923\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1094 - Role-Based Security Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1094\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4b1853e0-8973-446b-b567-09d901d31a09\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1114\"\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c090801-59bc-4454-bb33-e0455133486a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1364\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c615c2a-dc83-4dda-8220-abce7b50c9bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1661 - Session Authenticity | Invalidate Session Identifiers At Logout\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1661\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4c643c9a-1be7-4016-a5e7-e4bada052920\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1373\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4cca950f-c3b7-492a-8e8f-ea39663c14f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1632 - Boundary Protection | Prevent Split Tunneling For Remote Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n 
\"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1632\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4ce9073a-77fa-48f0-96b1-87aa8e6091c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Linux VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that do not have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": 
\"[base64(concat('[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent', '=', concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]InstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d1c04de-2172-403f-901b-90608c35c721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"FTPS should be required in your Web App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/ftpsState\",\r\n \"equals\": \"FtpsOnly\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1155 - System Interconnections | Restrictions On External System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1155\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d33f9f1-12d0-46ad-9fbd-8f8046694977\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1156 - Plan Of Action And Milestones\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1156\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d52e864-9a3b-41ee-8f03-520815fe5378\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1312 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1312\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4d6a5968-9eef-4c18-8534-376790ab7274\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined and the agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n 
\"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n \"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.6\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": 
true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Event Hub when any Data Lake Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4daddf25-4823-43d4-88eb-2419eb6dcc08\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4daddf25-4823-43d4-88eb-2419eb6dcc08\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1394 - System Maintenance Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1394\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4db56f68-3f50-45ab-88f3-ca46f5379a94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1702 - Information System Monitoring | Indicators Of Compromise\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1702\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4dfc0855-92c4-4641-b155-a55ddd962362\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1001 - Access Control Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1001\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e26f8c3-4bf3-4191-b8fc-d888805101b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1083 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1083\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e319cb6-2ca3-4a58-ad75-e67f484e50ec\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1579 - Acquisition Process | Use Of Approved Piv Products\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1579\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e54c7ef-7457-430b-9a3e-ef8881d4a8e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1247 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1247\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"4e666db5-b2ef-4b06-aac6-09bfce49151b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1196 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1196\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e7f4ea4-dd62-44f6-8886-ac6137cf52b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1134 - Protection Of Audit Information | Access By Subset Of Privileged Users\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1134\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e95f70e-181c-4422-9da2-43079710c789\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1267 - Alternate Storage Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1267\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4e97ba1d-be5d-4953-8da4-0cccf28f4805\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1192\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": 
{\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4ebd97f7-b105-4f50-8daf-c51465991240\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1139 - Audit Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1139\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4ed62522-de00-4dda-9810-5205733d2f34\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A maximum of 3 owners should be designated for your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DesignateLessThanXOwners\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f11b553-d42e-4e3a-89be-32ca364cad4c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1442 - Media Sanitization | Nondestructive Techniques\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1442\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f26049b-2c5a-4841-9ff3-d48a26aae475\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1182\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f34f554-da4b-4786-8d66-7915c90893da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A security contact email address should be provided for your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enter an email address to receive notifications when Azure Security Center detects compromised resources\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/email\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add a tag to resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Adds the specified tag and value when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed. Does not modify tags on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"add\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/4f9dc7db-30c1-420c-b61a-e1d640128d26\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4f9dc7db-30c1-420c-b61a-e1d640128d26\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview] Vulnerability Assessment should be enabled on Virtual Machines\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Azure Security Center Vulnerability Assessment on Virtual Machines\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"serverVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"NotApplicable\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"501541f7-f7e7-4cd6-868c-4190fdad3ac9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1485 - Delivery And Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1485\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n 
]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50301354-95d0-4a11-8af5-8039ecf6d38b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management | Asymmetric Keys\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1646\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"506814fa-b930-4b10-894e-a45b98c40e1a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1566 - System Development Life Cycle\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1566\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50ad3724-e2ac-4716-afcc-d8eabd97adb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that all Azure virtual network gateway connections use a custom Internet Protocol Security(Ipsec)/Internet Key Exchange(IKE) policy. Supported algorithms and key strengths - https://aka.ms/AA62kb0\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"IPsecEncryption\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IPsec Encryption\",\r\n \"description\": \"IPsec Encryption\"\r\n }\r\n },\r\n \"IPsecIntegrity\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IPsec Integrity\",\r\n \"description\": \"IPsec Integrity\"\r\n }\r\n },\r\n \"IKEEncryption\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IKE Encryption\",\r\n \"description\": \"IKE Encryption\"\r\n }\r\n },\r\n \"IKEIntegrity\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"IKE Integrity\",\r\n \"description\": \"IKE Integrity\"\r\n }\r\n },\r\n \"DHGroup\": {\r\n \"type\": \"Array\",\r\n 
\"metadata\": {\r\n \"displayName\": \"DH Group\",\r\n \"description\": \"DH Group\"\r\n }\r\n },\r\n \"PFSGroup\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"PFS Group\",\r\n \"description\": \"PFS Group\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/connections\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ipsecEncryption\",\r\n \"notIn\": \"[parameters('IPsecEncryption')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ipsecIntegrity\",\r\n \"notIn\": \"[parameters('IPsecIntegrity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ikeEncryption\",\r\n \"notIn\": \"[parameters('IKEEncryption')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].ikeIntegrity\",\r\n \"notIn\": \"[parameters('IKEIntegrity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].dhGroup\",\r\n \"notIn\": \"[parameters('DHGroup')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/connections/ipsecPolicies[*].pfsGroup\",\r\n \"notIn\": \"[parameters('PFSGroup')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50b83b09-03da-41c1-b656-c293c914862b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50b83b09-03da-41c1-b656-c293c914862b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1248 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1248\"\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"50fc602d-d8e0-444b-a039-ad138ee5deb0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1386 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1386\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5120193e-91fd-4f9d-bc6d-194f94734065\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1352 - Incident Response Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1352\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"518cb545-bfa8-43f8-a108-3b7d5037469a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1642 - Network Disconnect\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1642\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"53397227-5ee3-4b23-9e5e-c8a767ce6928\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Connection throttling should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without Connection throttling enabled. 
This setting enables temporary connection throttling per IP for too many invalid password login failures.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"connection_throttling\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5345bb39-67dc-4960-a1bf-427e16b9a0bd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1467 - Visitor Access Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1467\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5350cbf9-8bdd-4904-b22a-e88be84ca49d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1183\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5352e3e0-e63a-452e-9e5f-9c1d181cff9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1029\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1270\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"53c76a39-2097-408a-b237-b279f7b4614d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1040 - Least Privilege | Review Of User Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1040\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": 
\"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"54205576-cec9-463f-ba44-b4b3f5d0a84c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1015\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"544a208a-9c3f-40bc-b1d1-d7e144495c14\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1026\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"55419419-c597-4cd4-b51e-009fd2266783\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1045 - Unsuccessful Logon Attempts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1045\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1523 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1523\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5577a310-2551-49c8-803b-36e0d5e55601\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1113\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"562afd61-56be-4313-8fe4-b9564aa4ba7d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1212\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"56d970ee-4efc-49c8-8a4e-5916940d784c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1403\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"57149289-d52b-4f40-9fe6-5233c1ef80f7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Web Applications\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. 
Allow only required domains to interact with your web app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.cors.allowedOrigins[*]\",\r\n \"notEquals\": \"*\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5744710e-cc2f-4ee8-8809-3b11e89f4bc9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1162 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1162\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1054 - Session Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1054\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5807e1b4-ba5e-4718-8689-a0ca05a191b2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1584 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1584\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5864522b-ff1d-4979-a9f8-58bee1fb174c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1547 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1547\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1573 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1573\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"58c93053-7b98-4cf0-b99f-1beb985416c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Ensure Function app is using the latest version of TLS encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Please use /providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193 instead. The TLS(Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS\",\r\n \"metadata\": {\r\n \"category\": \"App Service\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/58d94fc1-a072-47c2-bd37-9cdb38e77453\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"58d94fc1-a072-47c2-bd37-9cdb38e77453\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1063 - Remote Access | Managed Access Control Points\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1063\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"593ce201-54b2-4dd0-b34f-c308005d7780\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1463 - Monitoring Physical Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1463\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"59721f87-ae25-4db0-a2a4-77cc5b25d495\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1425 - Timely Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1425\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5983d99c-f39b-4c32-a3dc-170f19f6941b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1512 - Personnel Screening\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1512\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"5a8324ad-f599-429b-aaed-f9c6e8c987a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not have a minimum password age of 1 day\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have a minimum password age of 1 day. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordAge\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1032 - Separation Of Duties\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1032\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aa85661-d618-46b8-a20f-ca40a86f0751\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not restrict the minimum password length to 14 characters. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MinimumPasswordLength\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n 
\"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1555\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5afa8cab-1ed7-4e40-884c-64e0ac2059cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1205 - Access Restrictions For Change | Signed Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1205\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b070cab-0fb8-4e48-ad29-fc90b4c2797c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1005 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1005\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b626abc-26d4-4e22-9de8-3831818526b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1105 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1105\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b73f57b-587d-4470-a344-0b0ae805f459\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Linux VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1433 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1433\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"5b879b41-2728-41c5-ad24-9ee2c37cbe65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/clientCertEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5bb220d9-2698-4ee4-8404-b9c30c9df609\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which the remote host connection status does not match the specified one\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines on which the remote host connection status does not match the specified one. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. 
This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"host\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote Host Name\",\r\n \"description\": \"Specifies the Domain Name System (DNS) name or IP address of the remote host machine.\"\r\n }\r\n },\r\n \"port\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Port\",\r\n \"description\": \"The TCP port number on the remote host name.\"\r\n }\r\n },\r\n \"shouldConnect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Should connect to remote host\",\r\n \"description\": \"Must be 'True' or 'False'. 'True' indicates that the virtual machine should be able to establish a connection with the remote host specified, so the machine will be non-compliant if it cannot establish a connection. 
'False' indicates that the virtual machine should not be able to establish a connection with the remote host specified, so the machine will be non-compliant if it can establish a connection.\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsRemoteConnection\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsRemoteConnection]WindowsRemoteConnection1;host', '=', parameters('host'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;port', '=', parameters('port'), ',', '[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect', '=', parameters('shouldConnect')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsRemoteConnection\"\r\n },\r\n \"host\": {\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n \"port\": {\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n \"shouldConnect\": {\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"host\": {\r\n \"type\": \"string\"\r\n },\r\n \"port\": {\r\n \"type\": \"string\"\r\n },\r\n \"shouldConnect\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": 
{\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;host\",\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;port\",\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect\",\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;host\",\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;port\",\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsRemoteConnection]WindowsRemoteConnection1;shouldConnect\",\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5bb36dda-8a78-4df9-affd-4f05a8612a8a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1551\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"5bbda922-0172-4095-89e6-5b4a0bf03af7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Network Security'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Security'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c028d2a-1889-45f6-b821-31f42711ced8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. 
The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1671 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1671\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c5bbef7-a316-415b-9b38-29753ce8e698\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1067 - Wireless Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1067\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n 
},\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c5e54f6-0127-44d0-8b61-f31dc8dd6190\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"External accounts with write permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5c607a2e-c700-4744-8254-d77e7c9eb5e4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1483 - Water Damage Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1483\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5cb81060-3c8a-4968-bcdc-395a1801f6c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1362 - Incident Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1362\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5d169442-d6ef-439b-8dca-46c2c3248214\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1014 - Account Management | Removal Of Temporary / Emergency Accounts\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1014\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5dee936c-8037-4df1-ab35-6635733da48c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1665 - Process Isolation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1665\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df3a55c-8456-44d4-941e-175f79332512\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Function App should only be accessible over HTTPS\",\r\n 
\"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OnlyHttpsForFunctionApp\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5df82f4f-773a-4a2d-97a2-422a806f1a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1251\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e2b3730-8c14-4081-8893-19dbb5de7348\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported .NET Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n 
\"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestDotNet\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e3315e0-a414-4efb-a4d2-c7bd2b0443d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WhitelistedApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1116 - Audit Review, Analysis, And Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1116\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5e47bc51-35d1-44b8-92af-e2f2d8b67635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1208 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1208\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ea87673-d06b-456f-a324-8abcee5c159f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in India data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: West India, South India, Central India\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"12*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"14.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"16.04*LTS\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"18.04*LTS\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Oracle\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Oracle-Linux\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\",\r\n \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"OmsAgentForLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"MMAExtension\",\r\n \"vmExtensionPublisher\": \"Microsoft.EnterpriseCloud.Monitoring\",\r\n \"vmExtensionType\": \"OmsAgentForLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n 
\"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {\r\n \"workspaceId\": \"[reference(parameters('logAnalytics'), '2015-03-20').customerId]\",\r\n \"stopOnMultipleConnections\": \"true\"\r\n },\r\n \"protectedSettings\": {\r\n \"workspaceKey\": \"[listKeys(parameters('logAnalytics'), '2015-03-20').primarySharedKey]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1576 - Acquisition Process | Design / Implementation Information For Security Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1576\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n 
{\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f18c885-ade3-48c5-80b1-8f9216019c18\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"External accounts with read permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f76cf89-fbf2-47fd-a3f4-b891fa780b60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add or replace a tag on resources\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Adds or replaces the specified tag and value when any resource is created or updated. Existing resources can be remediated by triggering a remediation task. Does not modify tags on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5ffd78d9-436d-4b41-a421-5baa819e3008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5ffd78d9-436d-4b41-a421-5baa819e3008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1663 - Protection Of Information At Rest\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1663\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60171210-6dde-40af-a144-bf2670518bfa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Object Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Object Access'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": 
\"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60aeaf73-a074-417a-905f-7ce9df0ff77b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Storage Accounts should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Storage Account not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Storage/storageAccounts/networkAcls.defaultAction\",\r\n \"notEquals\": \"Deny\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*].id\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60d21c4f-21a3-4d94-85f4-b924e6aeeda4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows web servers that are not using secure communication protocols\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Advanced Data Security on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables Advanced Data Security on SQL Servers. This includes turning on Threat Detection and Vulnerability Assessment. It will automatically create a storage account in the same region and resource group as the SQL server to store scan results, with a 'sqlva' prefix.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/securityAlertPolicies.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"serverResourceGroupName\": \"[resourceGroup().name]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), variables('serverResourceGroupName'), parameters('location'))]\",\r\n \"storageName\": \"[tolower(concat('sqlva', 
variables('uniqueStorage')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[variables('storageName')]\",\r\n \"apiVersion\": \"2019-04-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\"\r\n },\r\n \"kind\": \"StorageV2\",\r\n \"properties\": {}\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"emailAccountAdmins\": true\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/vulnerabilityAssessments\",\r\n \"apiVersion\": \"2018-06-01-preview\",\r\n \"properties\": {\r\n \"storageContainerPath\": \"[concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName'))).primaryEndpoints.blob, 'vulnerability-assessment')]\",\r\n \"storageAccountAccessKey\": \"[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value]\",\r\n \"recurringScans\": {\r\n \"isEnabled\": true,\r\n \"emailSubscriptionAdmins\": true,\r\n \"emails\": []\r\n }\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Storage/storageAccounts/', variables('storageName'))]\",\r\n \"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6134c3db-786f-471e-87bc-8f479dc890f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"[Preview]: Configure time zone on Windows machines.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to set specified time zone on Windows virtual machines.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time zone\",\r\n \"description\": \"The expected time zone\"\r\n },\r\n \"allowedValues\": [\r\n \"(UTC-12:00) International Date Line West\",\r\n \"(UTC-11:00) Coordinated Universal Time-11\",\r\n \"(UTC-10:00) Aleutian Islands\",\r\n \"(UTC-10:00) Hawaii\",\r\n \"(UTC-09:30) Marquesas Islands\",\r\n \"(UTC-09:00) Alaska\",\r\n \"(UTC-09:00) Coordinated Universal Time-09\",\r\n \"(UTC-08:00) Baja California\",\r\n \"(UTC-08:00) Coordinated Universal Time-08\",\r\n \"(UTC-08:00) Pacific Time (US & Canada)\",\r\n \"(UTC-07:00) Arizona\",\r\n \"(UTC-07:00) Chihuahua, La Paz, Mazatlan\",\r\n \"(UTC-07:00) Mountain Time (US & Canada)\",\r\n \"(UTC-06:00) Central America\",\r\n \"(UTC-06:00) Central Time (US & Canada)\",\r\n \"(UTC-06:00) Easter Island\",\r\n \"(UTC-06:00) Guadalajara, Mexico City, Monterrey\",\r\n \"(UTC-06:00) Saskatchewan\",\r\n \"(UTC-05:00) Bogota, Lima, Quito, Rio Branco\",\r\n \"(UTC-05:00) Chetumal\",\r\n \"(UTC-05:00) Eastern Time (US & Canada)\",\r\n \"(UTC-05:00) Haiti\",\r\n \"(UTC-05:00) Havana\",\r\n \"(UTC-05:00) Indiana (East)\",\r\n \"(UTC-05:00) Turks and Caicos\",\r\n \"(UTC-04:00) Asuncion\",\r\n \"(UTC-04:00) Atlantic Time (Canada)\",\r\n \"(UTC-04:00) Caracas\",\r\n \"(UTC-04:00) Cuiaba\",\r\n \"(UTC-04:00) Georgetown, La Paz, Manaus, San Juan\",\r\n \"(UTC-04:00) Santiago\",\r\n \"(UTC-03:30) Newfoundland\",\r\n \"(UTC-03:00) Araguaina\",\r\n \"(UTC-03:00) Brasilia\",\r\n \"(UTC-03:00) Cayenne, Fortaleza\",\r\n 
\"(UTC-03:00) City of Buenos Aires\",\r\n \"(UTC-03:00) Greenland\",\r\n \"(UTC-03:00) Montevideo\",\r\n \"(UTC-03:00) Punta Arenas\",\r\n \"(UTC-03:00) Saint Pierre and Miquelon\",\r\n \"(UTC-03:00) Salvador\",\r\n \"(UTC-02:00) Coordinated Universal Time-02\",\r\n \"(UTC-02:00) Mid-Atlantic - Old\",\r\n \"(UTC-01:00) Azores\",\r\n \"(UTC-01:00) Cabo Verde Is.\",\r\n \"(UTC) Coordinated Universal Time\",\r\n \"(UTC+00:00) Dublin, Edinburgh, Lisbon, London\",\r\n \"(UTC+00:00) Monrovia, Reykjavik\",\r\n \"(UTC+00:00) Sao Tome\",\r\n \"(UTC+01:00) Casablanca\",\r\n \"(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna\",\r\n \"(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague\",\r\n \"(UTC+01:00) Brussels, Copenhagen, Madrid, Paris\",\r\n \"(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb\",\r\n \"(UTC+01:00) West Central Africa\",\r\n \"(UTC+02:00) Amman\",\r\n \"(UTC+02:00) Athens, Bucharest\",\r\n \"(UTC+02:00) Beirut\",\r\n \"(UTC+02:00) Cairo\",\r\n \"(UTC+02:00) Chisinau\",\r\n \"(UTC+02:00) Damascus\",\r\n \"(UTC+02:00) Gaza, Hebron\",\r\n \"(UTC+02:00) Harare, Pretoria\",\r\n \"(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius\",\r\n \"(UTC+02:00) Jerusalem\",\r\n \"(UTC+02:00) Kaliningrad\",\r\n \"(UTC+02:00) Khartoum\",\r\n \"(UTC+02:00) Tripoli\",\r\n \"(UTC+02:00) Windhoek\",\r\n \"(UTC+03:00) Baghdad\",\r\n \"(UTC+03:00) Istanbul\",\r\n \"(UTC+03:00) Kuwait, Riyadh\",\r\n \"(UTC+03:00) Minsk\",\r\n \"(UTC+03:00) Moscow, St. 
Petersburg\",\r\n \"(UTC+03:00) Nairobi\",\r\n \"(UTC+03:30) Tehran\",\r\n \"(UTC+04:00) Abu Dhabi, Muscat\",\r\n \"(UTC+04:00) Astrakhan, Ulyanovsk\",\r\n \"(UTC+04:00) Baku\",\r\n \"(UTC+04:00) Izhevsk, Samara\",\r\n \"(UTC+04:00) Port Louis\",\r\n \"(UTC+04:00) Saratov\",\r\n \"(UTC+04:00) Tbilisi\",\r\n \"(UTC+04:00) Volgograd\",\r\n \"(UTC+04:00) Yerevan\",\r\n \"(UTC+04:30) Kabul\",\r\n \"(UTC+05:00) Ashgabat, Tashkent\",\r\n \"(UTC+05:00) Ekaterinburg\",\r\n \"(UTC+05:00) Islamabad, Karachi\",\r\n \"(UTC+05:00) Qyzylorda\",\r\n \"(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi\",\r\n \"(UTC+05:30) Sri Jayawardenepura\",\r\n \"(UTC+05:45) Kathmandu\",\r\n \"(UTC+06:00) Astana\",\r\n \"(UTC+06:00) Dhaka\",\r\n \"(UTC+06:00) Omsk\",\r\n \"(UTC+06:30) Yangon (Rangoon)\",\r\n \"(UTC+07:00) Bangkok, Hanoi, Jakarta\",\r\n \"(UTC+07:00) Barnaul, Gorno-Altaysk\",\r\n \"(UTC+07:00) Hovd\",\r\n \"(UTC+07:00) Krasnoyarsk\",\r\n \"(UTC+07:00) Novosibirsk\",\r\n \"(UTC+07:00) Tomsk\",\r\n \"(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi\",\r\n \"(UTC+08:00) Irkutsk\",\r\n \"(UTC+08:00) Kuala Lumpur, Singapore\",\r\n \"(UTC+08:00) Perth\",\r\n \"(UTC+08:00) Taipei\",\r\n \"(UTC+08:00) Ulaanbaatar\",\r\n \"(UTC+08:45) Eucla\",\r\n \"(UTC+09:00) Chita\",\r\n \"(UTC+09:00) Osaka, Sapporo, Tokyo\",\r\n \"(UTC+09:00) Pyongyang\",\r\n \"(UTC+09:00) Seoul\",\r\n \"(UTC+09:00) Yakutsk\",\r\n \"(UTC+09:30) Adelaide\",\r\n \"(UTC+09:30) Darwin\",\r\n \"(UTC+10:00) Brisbane\",\r\n \"(UTC+10:00) Canberra, Melbourne, Sydney\",\r\n \"(UTC+10:00) Guam, Port Moresby\",\r\n \"(UTC+10:00) Hobart\",\r\n \"(UTC+10:00) Vladivostok\",\r\n \"(UTC+10:30) Lord Howe Island\",\r\n \"(UTC+11:00) Bougainville Island\",\r\n \"(UTC+11:00) Chokurdakh\",\r\n \"(UTC+11:00) Magadan\",\r\n \"(UTC+11:00) Norfolk Island\",\r\n \"(UTC+11:00) Sakhalin\",\r\n \"(UTC+11:00) Solomon Is., New Caledonia\",\r\n \"(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky\",\r\n \"(UTC+12:00) Auckland, Wellington\",\r\n 
\"(UTC+12:00) Coordinated Universal Time+12\",\r\n \"(UTC+12:00) Fiji\",\r\n \"(UTC+12:00) Petropavlovsk-Kamchatsky - Old\",\r\n \"(UTC+12:45) Chatham Islands\",\r\n \"(UTC+13:00) Coordinated Universal Time+13\",\r\n \"(UTC+13:00) Nuku'alofa\",\r\n \"(UTC+13:00) Samoa\",\r\n \"(UTC+14:00) Kiritimati Island\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"SetWindowsTimeZone\",\r\n \"existenceCondition\": 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsTimeZone]WindowsTimeZone1;TimeZone', '=', parameters('TimeZone')))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"SetWindowsTimeZone\"\r\n },\r\n \"TimeZone\": {\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"TimeZone\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"assignmentType\": \"DeployAndAutoCorrect\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": 
\"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"assignmentType\": \"DeployAndAutoCorrect\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6141c932-9384-44c6-a395-59e4c057d7c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6141c932-9384-44c6-a395-59e4c057d7c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. 
Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].name\",\r\n \"notEquals\": \"Security\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name\",\r\n \"notEquals\": \"ClusterProtectionLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value\",\r\n \"notEquals\": \"EncryptAndSign\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"617c02be-7f02-4efd-8836-3180d47b6c68\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1110 - Audit Storage Capacity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1110\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6182bfa7-0f2a-43f5-834a-a2ddf31c13c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1415 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1415\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"61a1dd98-b259-4840-abd5-fbba7ee0da83\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1153 - System Interconnections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1153\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"61cf3125-142c-4754-8a16-41ab4d529635\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - System objects'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System objects'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"620e58b5-ac75-49b4-993f-a9d4f0459636\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1682\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"62b638c5-29d7-404b-8d93-f21e4b1ce198\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1660 - Session Authenticity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1660\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"63096613-ce83-43e5-96f4-e588e8813554\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1002 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1002\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"632024c2-8079-439d-a7f6-90af1d78cc65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1498 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1498\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"633988b9-cf2f-4323-8394-f0d2af9cd6e1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1177\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1185 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1185\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6420cd73-b939-43b7-9d99-e8688fea053c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Devices'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Devices'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Devices: Allowed to format and eject removable media\",\r\n \"description\": \"Specifies who is allowed to format and eject removable NTFS media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsDevices\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Devices: Allowed to format and eject removable media;ExpectedValue', '=', parameters('DevicesAllowedToFormatAndEjectRemovableMedia')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsDevices\"\r\n },\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"value\": \"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": 
\"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Devices: Allowed to format and eject removable media;ExpectedValue\",\r\n \"value\": \"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Devices: Allowed to format and eject removable media;ExpectedValue\",\r\n \"value\": \"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6481cc21-ed6e-4480-99dd-ea7c5222e897\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1441 - Media Sanitization | Equipment Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1441\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6519d7f3-e8a2-4ff3-a935-9a9497152ad7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1558\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"65592b16-4367-42c5-a26e-d371be450e17\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit missing blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy is no longer necessary because storage blob encryption is enabled by default and cannot be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"655cb504-bcee-4362-bd4c-402e6aa38759\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1261 - Contingency Plan Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1261\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"65aeceb5-a59c-4cb1-8d82-9c474be5d431\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit IP restrictions configuration for a Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. 
Use of IP Restrictions protects a Function app from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/664346d9-be92-43fb-a219-d595eeb76a90\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"664346d9-be92-43fb-a219-d595eeb76a90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1444 - Media Use | Prohibit Use Without Owner\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1444\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"666143df-f5e0-45bd-b554-135f0f93e44e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1319 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1319\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"66f7ae57-5560-4fc5-85c9-659f204e7a42\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1628 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1628\"\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"67de62b4-a737-4781-8861-3baed3c35069\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1377\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68434bd1-e14b-4031-9edb-a4adf5f84a67\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines on which the Log Analytics agent is not 
connected to the specified workspaces. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Connected workspace IDs\",\r\n \"description\": \"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsLogAnalyticsAgentConnection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId', '=', parameters('WorkspaceId')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsLogAnalyticsAgentConnection\"\r\n },\r\n \"WorkspaceId\": {\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"WorkspaceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n 
\"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId\",\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LogAnalyticsAgent]LogAnalyticsAgent1;WorkspaceId\",\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n 
\"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68511db2-bd02-41c4-ae6b-1900a012968a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1597 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1597\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68b250ec-2e4f-4eee-898a-117a9fda7016\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1588 - External Information System Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1588\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68ebae26-e0e0-4ecb-8379-aabf633b51e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1070 - Wireless Access | Disable Wireless Networking\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1070\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"68f837d0-8942-4b1e-9b31-be78b247bda8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1727 - Memory Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1727\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"697175a7-9715-4e89-b98b-c6f605888fa3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1652 - Mobile Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1652\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6998e84a-2d29-4e10-8962-76754d4f772d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1699 - Information System Monitoring | Privileged Users\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": 
\"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1699\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"69c7bee8-bc19-4129-a51e-65a7b39d3e7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1696 - Information System Monitoring | Correlate Monitoring Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1696\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"69d2a238-20ab-4206-a6dc-f302bf88b1b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1244 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n 
\"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1244\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a13a8f8-c163-4b1b-8554-d63569dab937\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1019 - Account Management | Role-Based Schemes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1019\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a3ee9b2-3977-459c-b8ce-2db583abd9f7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit Guard is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy 
creates a Guest Configuration assignment to audit Windows virtual machines on which Windows Defender Exploit Guard is not enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"NotAvailableMachineState\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"State in which to show VMs on which Windows Defender Exploit Guard is not available\",\r\n \"description\": \"Windows Defender Exploit Guard is only available starting with Windows 10/Windows Server with update 1709. Setting this value to 'Non-Compliant' will make machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) non-compliant. 
Setting this value to 'Compliant' will make these machines compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"Compliant\",\r\n \"Non-Compliant\"\r\n ],\r\n \"defaultValue\": \"Non-Compliant\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDefenderExploitGuard\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n 
\"equals\": \"[base64(concat('[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState', '=', parameters('NotAvailableMachineState')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsDefenderExploitGuard\"\r\n },\r\n \"NotAvailableMachineState\": {\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NotAvailableMachineState\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\",\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), 
toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsDefenderExploitGuard]WindowsDefenderExploitGuard1;NotAvailableMachineState\",\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a7a2bcf-f9be-4e35-9734-4f9657a70f1d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit IP restrictions configuration for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"IP Restrictions allow you to define a list of IP addresses that are allowed to access your app. Use of IP Restrictions protects a web application from common attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ConfigureIPRestrictions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8450e2-6c61-43b4-be65-62e3a197bffe\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8450e2-6c61-43b4-be65-62e3a197bffe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1211 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1211\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6a8b9dc8-6b00-4701-aa96-bba3277ebf50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Ensure WEB app is using the latest version of TLS encryption \",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Please use /providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b instead. The TLS(Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. 
App service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6ad61431-88ce-4357-a0e1-6da43f292bd7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ad61431-88ce-4357-a0e1-6da43f292bd7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1653 - Mobile Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1653\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deprecated accounts should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b1cbf55-e8b6-442f-ba4c-7246b6381474\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Service Bus to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Service Bus to stream to a regional Event Hub when 
any Service Bus which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.ServiceBus/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"OperationalLogs\",\r\n 
\"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b51af03-9277-49a9-a3f8-1c69c9ff7403\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b51af03-9277-49a9-a3f8-1c69c9ff7403\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1031 - Separation Of Duties\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1031\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6b93a801-fe25-4574-a60d-cb22acffae00\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Not allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This 
policy enables you to specify the resource types that your organization cannot deploy.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesNotAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that cannot be deployed.\",\r\n \"displayName\": \"Not allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesNotAllowed')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c112d4e-5bc7-47ae-a041-ea2d9dccd749\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1338\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6c59a207-6aed-41dc-83a2-e1ff66e4a4db\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed 
Control 1304 - Identification And Authentication (Org. Users) | Local Access To Non-Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1304\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1437 - Media Transport | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1437\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"6d1eb6ed-bf13-4046-b993-b9e2aef0f76c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1171 - Penetration Testing | Independent Penetration Agent Or Team\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1171\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d4820bc-8b61-4982-9501-2123cb776c00\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Function App should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1643\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d8d492c-dd7a-46f7-a723-fa66a425b87c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1291\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1175 - Configuration Management Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1175\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6dab4254-c30d-4bb7-ae99-1d21586c063c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1651 - Mobile Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1651\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6db63528-c9ba-491c-8a80-83e1e6977a50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notification for high severity alerts should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enable emailing security alerts to the security contact, in order to have them receive security alert emails from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risks\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/alertNotifications\",\r\n \"notEquals\": \"Off\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6e2593d9-add6-4083-9c9b-4b7d2188c899\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1586 - External Information System Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1586\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6e3b2fbd-8f37-4766-a64d-3f37703dcb51\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1536\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"6e40d9de-2ad4-4cb5-8945-23143326a502\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1530 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1530\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6e8f9566-29f1-49cd-b61f-f8628a3cf993\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1460 - Access Control For Output Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1460\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f3ce1bb-4f77-4695-8355-70b08d54fdda\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1320 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1320\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6f54c732-71d4-4f93-a696-4e373eca3a77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdb9205-3462-4cfc-87d8-16c7860b53f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1141\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fdefbf4-93e7-4513-bc95-c1858b7093e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Server'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Server'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Python version' is the latest, if used as a part of the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"WindowsPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Linux Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n 
\"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PYTHON\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"[parameters('WindowsPythonLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7008174a-fd10-4ef0-817e-fc820a951d73\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Send file samples when further analysis is required\",\r\n \"description\": \"Specifies whether and how Windows Defender will submit samples of suspected malware to Microsoft for further analysis when opt-in for MAPS telemetry is set.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow indexing of encrypted files\",\r\n \"description\": \"Specifies whether encrypted items are allowed to be indexed.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow Telemetry\",\r\n \"description\": \"Specifies configuration of the amount of diagnostic and usage data reported to Microsoft. 
The data is transmitted securely and sensitive data is not sent.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow unencrypted traffic\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always install with elevated privileges\",\r\n \"description\": \"Specifies whether Windows Installer should use system permissions when it installs any program on the system.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always prompt for password upon connection\",\r\n \"description\": \"Specifies whether Terminal Services/Remote Desktop Connection always prompts the client computer for a password upon connection.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Application event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Automatically send memory dumps for OS-generated error reports\",\r\n \"description\": \"Specifies if memory dumps in support of OS-generated error reports can be sent to Microsoft automatically.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Default consent\",\r\n \"description\": \"Specifies setting of 
the default consent handling for error reports sent to Microsoft.\"\r\n },\r\n \"defaultValue\": \"4\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Windows SmartScreen\",\r\n \"description\": \"Specifies how to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow Digest authentication\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) client will not use Digest authentication.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow WinRM from storing RunAs credentials\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Do not allow passwords to be saved\",\r\n \"description\": \"Specifies whether to prevent Remote Desktop Services - Terminal Services clients from saving passwords on a computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Security: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Security event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"196608\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Set client connection encryption level\",\r\n \"description\": \"Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Set the default behavior for AutoRun\",\r\n \"description\": \"Specifies the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Setup: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Setup event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the System event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off Data Execution Prevention for Explorer\",\r\n \"description\": \"Specifies whether to turn off Data Execution Prevention for Windows File Explorer. 
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Specify the interval to check for definition updates\",\r\n \"description\": \"Specifies an interval at which to check for Windows Defender definition updates. The time value is represented as the number of hours between update checks.\"\r\n },\r\n \"defaultValue\": \"8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n 
\"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n 
\"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsComponents\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Send file samples when further analysis is required;ExpectedValue', '=', parameters('SendFileSamplesWhenFurtherAnalysisIsRequired'), ',', 'Allow indexing of encrypted files;ExpectedValue', '=', parameters('AllowIndexingOfEncryptedFiles'), ',', 'Allow Telemetry;ExpectedValue', '=', parameters('AllowTelemetry'), ',', 'Allow unencrypted traffic;ExpectedValue', '=', parameters('AllowUnencryptedTraffic'), ',', 'Always install with elevated privileges;ExpectedValue', '=', parameters('AlwaysInstallWithElevatedPrivileges'), ',', 'Always prompt for password upon connection;ExpectedValue', '=', parameters('AlwaysPromptForPasswordUponConnection'), ',', 'Application: Specify the maximum log file size (KB);ExpectedValue', '=', parameters('ApplicationSpecifyTheMaximumLogFileSizeKB'), ',', 'Automatically send memory dumps for OS-generated error reports;ExpectedValue', '=', parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports'), ',', 'Configure Default consent;ExpectedValue', '=', parameters('ConfigureDefaultConsent'), ',', 'Configure Windows SmartScreen;ExpectedValue', '=', parameters('ConfigureWindowsSmartScreen'), ',', 'Disallow Digest authentication;ExpectedValue', '=', parameters('DisallowDigestAuthentication'), ',', 'Disallow WinRM from storing RunAs credentials;ExpectedValue', '=', parameters('DisallowWinRMFromStoringRunAsCredentials'), ',', 'Do not allow passwords to be saved;ExpectedValue', '=', parameters('DoNotAllowPasswordsToBeSaved'), ',', 'Security: Specify the maximum log file size (KB);ExpectedValue', '=', 
parameters('SecuritySpecifyTheMaximumLogFileSizeKB'), ',', 'Set client connection encryption level;ExpectedValue', '=', parameters('SetClientConnectionEncryptionLevel'), ',', 'Set the default behavior for AutoRun;ExpectedValue', '=', parameters('SetTheDefaultBehaviorForAutoRun'), ',', 'Setup: Specify the maximum log file size (KB);ExpectedValue', '=', parameters('SetupSpecifyTheMaximumLogFileSizeKB'), ',', 'System: Specify the maximum log file size (KB);ExpectedValue', '=', parameters('SystemSpecifyTheMaximumLogFileSizeKB'), ',', 'Turn off Data Execution Prevention for Explorer;ExpectedValue', '=', parameters('TurnOffDataExecutionPreventionForExplorer'), ',', 'Specify the interval to check for definition updates;ExpectedValue', '=', parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_WindowsComponents\"\r\n },\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"value\": \"[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"value\": \"[parameters('AllowIndexingOfEncryptedFiles')]\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"value\": \"[parameters('AllowTelemetry')]\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"value\": \"[parameters('AllowUnencryptedTraffic')]\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"value\": \"[parameters('AlwaysInstallWithElevatedPrivileges')]\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"value\": \"[parameters('AlwaysPromptForPasswordUponConnection')]\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": 
\"[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"value\": \"[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"value\": \"[parameters('ConfigureDefaultConsent')]\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"value\": \"[parameters('ConfigureWindowsSmartScreen')]\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"value\": \"[parameters('DisallowDigestAuthentication')]\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"value\": \"[parameters('DisallowWinRMFromStoringRunAsCredentials')]\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"value\": \"[parameters('DoNotAllowPasswordsToBeSaved')]\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"value\": \"[parameters('SetClientConnectionEncryptionLevel')]\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"value\": \"[parameters('SetTheDefaultBehaviorForAutoRun')]\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"value\": \"[parameters('TurnOffDataExecutionPreventionForExplorer')]\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"value\": \"[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"type\": \"string\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"type\": \"string\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"type\": \"string\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"type\": \"string\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"type\": \"string\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"type\": \"string\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"type\": \"string\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"type\": \"string\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"type\": \"string\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"type\": \"string\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"string\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"type\": \"string\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), 
'/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Send file samples when further analysis is required;ExpectedValue\",\r\n \"value\": \"[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]\"\r\n },\r\n {\r\n \"name\": \"Allow indexing of encrypted files;ExpectedValue\",\r\n \"value\": \"[parameters('AllowIndexingOfEncryptedFiles')]\"\r\n },\r\n {\r\n \"name\": \"Allow Telemetry;ExpectedValue\",\r\n \"value\": \"[parameters('AllowTelemetry')]\"\r\n },\r\n {\r\n \"name\": \"Allow unencrypted traffic;ExpectedValue\",\r\n \"value\": \"[parameters('AllowUnencryptedTraffic')]\"\r\n },\r\n {\r\n \"name\": \"Always install with elevated privileges;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysInstallWithElevatedPrivileges')]\"\r\n },\r\n {\r\n \"name\": \"Always prompt for password upon connection;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysPromptForPasswordUponConnection')]\"\r\n },\r\n {\r\n \"name\": \"Application: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Automatically send memory dumps for OS-generated error reports;ExpectedValue\",\r\n \"value\": \"[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]\"\r\n },\r\n {\r\n \"name\": \"Configure Default consent;ExpectedValue\",\r\n \"value\": \"[parameters('ConfigureDefaultConsent')]\"\r\n },\r\n {\r\n \"name\": \"Configure Windows SmartScreen;ExpectedValue\",\r\n \"value\": \"[parameters('ConfigureWindowsSmartScreen')]\"\r\n },\r\n {\r\n \"name\": \"Disallow Digest authentication;ExpectedValue\",\r\n \"value\": \"[parameters('DisallowDigestAuthentication')]\"\r\n },\r\n {\r\n \"name\": \"Disallow WinRM from 
storing RunAs credentials;ExpectedValue\",\r\n \"value\": \"[parameters('DisallowWinRMFromStoringRunAsCredentials')]\"\r\n },\r\n {\r\n \"name\": \"Do not allow passwords to be saved;ExpectedValue\",\r\n \"value\": \"[parameters('DoNotAllowPasswordsToBeSaved')]\"\r\n },\r\n {\r\n \"name\": \"Security: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Set client connection encryption level;ExpectedValue\",\r\n \"value\": \"[parameters('SetClientConnectionEncryptionLevel')]\"\r\n },\r\n {\r\n \"name\": \"Set the default behavior for AutoRun;ExpectedValue\",\r\n \"value\": \"[parameters('SetTheDefaultBehaviorForAutoRun')]\"\r\n },\r\n {\r\n \"name\": \"Setup: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"System: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Turn off Data Execution Prevention for Explorer;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOffDataExecutionPreventionForExplorer')]\"\r\n },\r\n {\r\n \"name\": \"Specify the interval to check for definition updates;ExpectedValue\",\r\n \"value\": \"[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n 
\"configurationParameter\": [\r\n {\r\n \"name\": \"Send file samples when further analysis is required;ExpectedValue\",\r\n \"value\": \"[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]\"\r\n },\r\n {\r\n \"name\": \"Allow indexing of encrypted files;ExpectedValue\",\r\n \"value\": \"[parameters('AllowIndexingOfEncryptedFiles')]\"\r\n },\r\n {\r\n \"name\": \"Allow Telemetry;ExpectedValue\",\r\n \"value\": \"[parameters('AllowTelemetry')]\"\r\n },\r\n {\r\n \"name\": \"Allow unencrypted traffic;ExpectedValue\",\r\n \"value\": \"[parameters('AllowUnencryptedTraffic')]\"\r\n },\r\n {\r\n \"name\": \"Always install with elevated privileges;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysInstallWithElevatedPrivileges')]\"\r\n },\r\n {\r\n \"name\": \"Always prompt for password upon connection;ExpectedValue\",\r\n \"value\": \"[parameters('AlwaysPromptForPasswordUponConnection')]\"\r\n },\r\n {\r\n \"name\": \"Application: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Automatically send memory dumps for OS-generated error reports;ExpectedValue\",\r\n \"value\": \"[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]\"\r\n },\r\n {\r\n \"name\": \"Configure Default consent;ExpectedValue\",\r\n \"value\": \"[parameters('ConfigureDefaultConsent')]\"\r\n },\r\n {\r\n \"name\": \"Configure Windows SmartScreen;ExpectedValue\",\r\n \"value\": \"[parameters('ConfigureWindowsSmartScreen')]\"\r\n },\r\n {\r\n \"name\": \"Disallow Digest authentication;ExpectedValue\",\r\n \"value\": \"[parameters('DisallowDigestAuthentication')]\"\r\n },\r\n {\r\n \"name\": \"Disallow WinRM from storing RunAs credentials;ExpectedValue\",\r\n \"value\": \"[parameters('DisallowWinRMFromStoringRunAsCredentials')]\"\r\n },\r\n {\r\n \"name\": \"Do not allow passwords to be saved;ExpectedValue\",\r\n \"value\": 
\"[parameters('DoNotAllowPasswordsToBeSaved')]\"\r\n },\r\n {\r\n \"name\": \"Security: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Set client connection encryption level;ExpectedValue\",\r\n \"value\": \"[parameters('SetClientConnectionEncryptionLevel')]\"\r\n },\r\n {\r\n \"name\": \"Set the default behavior for AutoRun;ExpectedValue\",\r\n \"value\": \"[parameters('SetTheDefaultBehaviorForAutoRun')]\"\r\n },\r\n {\r\n \"name\": \"Setup: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"System: Specify the maximum log file size (KB);ExpectedValue\",\r\n \"value\": \"[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n {\r\n \"name\": \"Turn off Data Execution Prevention for Explorer;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOffDataExecutionPreventionForExplorer')]\"\r\n },\r\n {\r\n \"name\": \"Specify the interval to check for definition updates;ExpectedValue\",\r\n \"value\": \"[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": 
\"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7040a231-fb65-4412-8c0a-b365f4866c24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1254\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"704e136a-4fe0-427c-b829-cd69957f5d2b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used 
along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - System'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7066131b-61a6-4917-a7e4-72e8983f0aa6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1509 - Position Risk Designation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1509\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70792197-9bfc-4813-905a-bd33993e327f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1541 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1541\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"70f6af82-7be6-44aa-9b15-8b9231b2e434\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1691 - Information System Monitoring | Automated Tools For Real-Time Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1691\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71475fb4-49bd-450b-a1a5-f63894c24725\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1481 - Temperature And Humidity Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1481\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"717a1c78-a267-4f56-ac58-ee6c54dc4339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time Source\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1129\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"71bb965d-4047-4623-afd4-b8189a58df5d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1395 - System Maintenance Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1395\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7207a023-a517-41c5-9df2-09d4c6845a05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which the DSC configuration is not compliant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDscConfiguration\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7227ebe5-9ff7-47ab-b823-171cd02fb90f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Administrative Templates - Network'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Network'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7229bd6a-693d-478a-87f0-1dc1af06f3b8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Python version' is the latest, if used as a part of the Function app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. 
Using the latest Python version for Function apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"WindowsPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Linux Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PYTHON\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": 
\"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"[parameters('WindowsPythonLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7238174a-fd10-4ef0-817e-fc820a951d73\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'PHP version' is the latest, if used as a part of the WEB app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest PHP version\",\r\n \"description\": \"Latest supported PHP version for App Services\"\r\n },\r\n \"defaultValue\": \"7.3\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PHP\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PHP|', parameters('PHPLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"[parameters('PHPLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7261b898-8a84-4db8-9e04-18527132abb3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that allow re-use of the previous 24 passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n 
\"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"EnforcePasswordHistory\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add a tag to resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Adds the specified tag and value when any resource group missing this tag is created or updated. Existing resource groups can be remediated by triggering a remediation task. 
If the tag exists with a different value it will not be changed.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"add\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/726aca4c-86e9-4b04-b0c5-073027359532\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"726aca4c-86e9-4b04-b0c5-073027359532\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1524 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1524\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"72f1cb4e-2439-4fe8-88ea-b8671ce3c268\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1393\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"731856d8-1598-4b75-92de-7d46235747c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1101\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7327b708-f0e0-457d-9d2a-527fcc9c9a65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1456 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1456\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"733ba9e3-9e7c-440a-a7aa-6196a90a2870\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1581 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1581\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"742b549b-7a25-465f-b83c-ea1ffb4f4e0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed storage account SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to specify a set of storage account SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for storage accounts.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"StorageSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7433c107-6db4-4ad1-b57a-a76dce0154a1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1631 - Boundary Protection | Deny By Default / Allow By Exception\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications 
Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1631\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Python version' is the latest, if used as a part of the Api app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. 
Using the latest Python version for Api apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"WindowsPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Linux Latest Python version\",\r\n \"description\": \"Latest supported Python version for App Services\"\r\n },\r\n \"defaultValue\": \"3.8\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PYTHON\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PYTHON|', parameters('LinuxPythonLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"\"\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.pythonVersion\",\r\n \"equals\": \"[parameters('WindowsPythonLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"74c3584d-afae-46f7-a20a-6f8adba71a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1417\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7522ed84-70d5-4181-afc0-21e50b1b6d0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit enabling of diagnostic logs in App Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. 
This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"web\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"notEquals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"752c6934-9bcc-4749-b004-655e676ae2ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1468 - Visitor Access Records | Automated Records Maintenance / Review\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1468\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"75603f96-80a1-4757-991d-5a1221765ddd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1053\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7582b19c-9dba-438e-aed8-ede59ac35ba3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1459 - Access Control For Transmission Medium\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1459\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"vulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"760a85ff-6162-42b3-8d70-698e268f648c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy Dependency Agent for Linux VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploy Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude')]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n \"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"CentOS\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"roleDefinitionIds\": [\r\n 
\"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"DependencyAgentLinux\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"DependencyAgent\",\r\n \"vmExtensionPublisher\": \"Microsoft.Azure.Monitoring.DependencyAgent\",\r\n \"vmExtensionType\": \"DependencyAgentLinux\",\r\n \"vmExtensionTypeHandlerVersion\": \"9.7\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for: ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"765266ab-e40e-4c61-bcb2-5a5275d0b7c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1055\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"769efd9b-3587-4e22-90ce-65ddcd5bd969\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit delegation of scopes to a managing tenant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit delegation of scopes to a managing tenant via Azure Lighthouse.\",\r\n \"metadata\": {\r\n \"category\": \"Lighthouse\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.ManagedServices/registrationAssignments\"\r\n },\r\n {\r\n \"value\": \"true\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/76bed37b-484f-430f-a009-fd7592dff818\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"76bed37b-484f-430f-a009-fd7592dff818\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1058 - Permitted Actions Without Identification Or Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1058\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"76e85d08-8fbb-4112-a1c1-93521e6a9254\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1508 - Position Risk Designation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1508\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"76f500cc-4bca-4583-bda1-6d084dc21086\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1423\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7741669e-d4f6-485a-83cb-e70ce7cbbc20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure subscriptions should have a log profile for Activity Log\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures if a log profile is enabled for exporting activity logs. 
It audits if there is no log profile created to export the logs either to a storage account or to an event hub.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logProfiles\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Insights/logProfiles/categories\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7796937f-307b-4598-941c-67d3a05ebfe7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1336\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"77f56280-e367-432a-a3b9-8ca2aa636a26\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1258 - Contingency Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1258\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7814506c-382c-4d33-a142-249dd4a0dbff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1178 - Baseline Configuration | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1178\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7818b8f4-47c6-441a-90ae-12ce04e99893\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1057\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78255758-6d45-4bf0-a005-7016bc03b13c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1700 - Information System Monitoring | Unauthorized Network Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1700\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1010 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1010\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"784663a8-1eb0-418a-a98c-24d19bc1bb62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1216 - Least Functionality | Periodic Review\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1216\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7894fe6a-f5cb-44c8-ba90-c3f254ff9484\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1639 - Boundary Protection | Isolation Of Information System Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1639\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78e8e649-50f6-4fe3-99ac-fedc2e63b03f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1647 - Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1647\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n 
{\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"791cfc15-6974-42a0-9f4c-2d4b82f4a78c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1510 - Position Risk Designation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1510\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"79da5b09-0e7e-499e-adda-141b069c7998\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1384 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1384\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"79fbc228-461c-4a45-9004-a865ca0728a7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows Server VMs on which Windows Serial Console is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows Server virtual machines on which Windows Serial Console is not enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"EMSPortNumber\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Port Number\",\r\n \"description\": \"An integer indicating the COM port to be used for the Emergency Management Services (EMS) console redirection. For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Baud Rate\",\r\n \"description\": \"An integer indicating the baud rate to be used for the Emergency Management Services (EMS) console redirection. 
For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"9600\",\r\n \"19200\",\r\n \"38400\",\r\n \"57600\",\r\n \"115200\"\r\n ],\r\n \"defaultValue\": \"115200\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsSerialConsole\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber', '=', parameters('EMSPortNumber'), ',', '[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate', '=', parameters('EMSBaudRate')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsSerialConsole\"\r\n },\r\n \"EMSPortNumber\": {\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"EMSPortNumber\": {\r\n \"type\": \"string\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": 
\"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber\",\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate\",\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsSerialConsole]WindowsSerialConsole;EMSPortNumber\",\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n {\r\n \"name\": \"[WindowsSerialConsole]WindowsSerialConsole;EMSBaudRate\",\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": 
\"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a031c68-d6ab-406e-a506-697a19c634b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1093 - Role-Based Security Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1093\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a0bdeeb-15f4-47e8-a1da-9f769f845fdf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1708 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1708\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a1e2c88-13de-4959-8ee7-47e3d74f1f48\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1289 - Information System Backup\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1289\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a724864-956a-496c-b778-637cb1d762cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1687 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1687\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7a87fc7f-301e-49f3-ba2a-4d74f424fa97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1061 - Remote Access | Automated Monitoring / Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1061\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ac22808-a2e8-41c4-9d46-429b50738914\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1492 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1492\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ad5f307-e045-46f7-8214-5bdb7e973737\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1636 - Boundary Protection | Isolation Of Security Tools / Mechanisms / Support Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1636\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7b694eed-7081-43c6-867c-41c76c961043\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Virtual Machine Scale Sets should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable Logs so that activity 
trail can be recreated when investigations are required in the event of an incident or a compromise.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"IaaSDiagnostics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Diagnostics\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"equals\": \"LinuxDiagnostic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"in\": [\r\n \"Microsoft.OSTCExtensions\",\r\n \"Microsoft.Azure.Diagnostics\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c1b1214-f927-48bf-8882-84f0af6588b1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Require blob encryption for storage accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures blob encryption for storage accounts is turned 
on. It only applies to Microsoft.Storage resource types, not other storage providers. This policy is deprecated because storage blob encryption is now enabled by default, and can no longer be disabled.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/enableBlobEncryption\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1143 - Security Assessment And Authorization Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1143\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7c6de11b-5f51-4f7c-8d83-d2467c8a816e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 
1051 - Session Lock\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1051\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1279 - Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1279\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1109 - Content Of Audit 
Records | Centralized Management Of Planned Audit Record Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1109\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1201 - Security Impact Analysis | Separate Test Environments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1201\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7daef997-fdd3-461b-8807-a608a6dd70f1\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1471 - Emergency Shutoff\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1471\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7dd0e9ce-1772-41fb-a50a-99977071f916\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e56b49b-5990-4159-a734-511ea19b731c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1011 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1011\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e6a54f3-883f-43d5-87c4-172dfd64a1f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that have not restarted within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that have not restarted within the specified number of days. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MachineLastBootUpTime\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7e84ba44-6d03-46fd-950e-5efa5a1112fa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1692\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ecda928-9df4-4dd7-8f44-641a91e470e8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the password complexity setting enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordMustMeetComplexityRequirements\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": 
\"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1191 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1191\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f26a61b-a74d-467c-99cf-63644db144f7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1520 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1520\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f2c513b-eb16-463b-b469-c10e5fa94f0a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1126\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f37f71b-420f-49bf-9477-9c0196974ecf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Privilege Use'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": 
\"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit diagnostic setting\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit diagnostic setting for selected resource types\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n 
\"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7f89b1eb-583c-429a-8828-af049802c1d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1117\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7fbfe680-6dbb-4037-963c-a621c5635902\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL Auditing settings should have Action-Groups configured to capture critical activities\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"The AuditActionsAndGroups property should contain at least SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, BATCH_COMPLETED_GROUP to ensure a thorough audit logging\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]\",\r\n \"notEquals\": \"SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]\",\r\n \"notEquals\": \"FAILED_DATABASE_AUTHENTICATION_GROUP\"\r\n }\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/auditActionsAndGroups[*]\",\r\n \"notEquals\": \"BATCH_COMPLETED_GROUP\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ff426e2-515f-405a-91c8-4f2333442eb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1703 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1703\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"804faf7d-b687-40f7-9f74-79e28adf4205\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1303 - Identification And Authentication (Org. Users) | Local Access To Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1303\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"80ca0a27-918a-4604-af9e-723a27ee51e8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1505 - Information Security Architecture\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1505\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"813a10a7-3943-4fe3-8678-00dc52db5490\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1614 - Developer Security Architecture And Design\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1614\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8154e3b3-cc52-40be-9407-7756581d71f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'User Rights Assignment'. 
It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may access this computer from the network\",\r\n \"description\": \"Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection.\"\r\n },\r\n \"defaultValue\": \"Administrators, Authenticated Users\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on locally\",\r\n \"description\": \"Specifies which users or groups can interactively log on to the computer. 
Users who attempt to log on via Remote Desktop Connection or IIS also require this user right.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance.\"\r\n },\r\n \"defaultValue\": \"Administrators, Remote Desktop Users\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied access to this computer from the network\",\r\n \"description\": \"Specifies which users or groups are explicitly prohibited from connecting to the computer across the network.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may manage auditing and security log\",\r\n \"description\": \"Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may back up files and directories\",\r\n \"description\": \"Specifies users and groups allowed to circumvent file and directory permissions to back up the system.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup Operators\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the system time\",\r\n \"description\": \"Specifies which users and groups are 
permitted to change the time and date on the internal clock of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the time zone\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time zone of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may create a token object\",\r\n \"description\": \"Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data.\"\r\n },\r\n \"defaultValue\": \"No One\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a batch job\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. 
scheduled task).\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a service\",\r\n \"description\": \"Specifies which service accounts are explicitly not permitted to register a process as a service.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied local logon\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"User and groups that may force shutdown from a remote system\",\r\n \"description\": \"Specifies which users and groups are permitted to shut down the computer from a remote location on the network.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may restore files and directories\",\r\n \"description\": \"Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup 
Operators\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may shut down the system\",\r\n \"description\": \"Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may take ownership of files or other objects\",\r\n \"description\": \"Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n 
]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_UserRightsAssignment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Access this computer from the network;ExpectedValue', '=', parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork'), ',', 'Allow log on locally;ExpectedValue', '=', parameters('UsersOrGroupsThatMayLogOnLocally'), ',', 'Allow log on through Remote Desktop Services;ExpectedValue', '=', parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices'), ',', 'Deny access to this computer from the network;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork'), ',', 'Manage auditing and security log;ExpectedValue', '=', parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog'), ',', 'Back up files and directories;ExpectedValue', '=', parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories'), ',', 'Change the system time;ExpectedValue', '=', parameters('UsersOrGroupsThatMayChangeTheSystemTime'), ',', 'Change the time zone;ExpectedValue', '=', parameters('UsersOrGroupsThatMayChangeTheTimeZone'), ',', 'Create a token object;ExpectedValue', '=', parameters('UsersOrGroupsThatMayCreateATokenObject'), ',', 'Deny log on as a batch job;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob'), ',', 'Deny log on as a 
service;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService'), ',', 'Deny log on locally;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLocalLogon'), ',', 'Deny log on through Remote Desktop Services;ExpectedValue', '=', parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices'), ',', 'Force shutdown from a remote system;ExpectedValue', '=', parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem'), ',', 'Restore files and directories;ExpectedValue', '=', parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories'), ',', 'Shut down the system;ExpectedValue', '=', parameters('UsersAndGroupsThatMayShutDownTheSystem'), ',', 'Take ownership of files or other objects;ExpectedValue', '=', parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_UserRightsAssignment\"\r\n },\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n 
\"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n 
\"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"string\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"type\": \"string\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), 
'/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Access this computer from the network;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n {\r\n \"name\": \"Allow log on locally;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n {\r\n \"name\": \"Allow log on through Remote Desktop Services;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n {\r\n \"name\": \"Deny access to this computer from the network;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n {\r\n \"name\": \"Manage auditing and security log;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n {\r\n \"name\": \"Back up files and directories;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n {\r\n \"name\": \"Change the system time;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n {\r\n \"name\": \"Change the time zone;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n {\r\n \"name\": \"Create a token object;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on as a batch job;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on as a service;ExpectedValue\",\r\n \"value\": 
\"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on locally;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on through Remote Desktop Services;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n {\r\n \"name\": \"Force shutdown from a remote system;ExpectedValue\",\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n {\r\n \"name\": \"Restore files and directories;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n {\r\n \"name\": \"Shut down the system;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n {\r\n \"name\": \"Take ownership of files or other objects;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Access this computer from the network;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n {\r\n \"name\": \"Allow log on locally;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n {\r\n \"name\": \"Allow log on through Remote 
Desktop Services;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n {\r\n \"name\": \"Deny access to this computer from the network;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n {\r\n \"name\": \"Manage auditing and security log;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n {\r\n \"name\": \"Back up files and directories;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n {\r\n \"name\": \"Change the system time;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n {\r\n \"name\": \"Change the time zone;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n {\r\n \"name\": \"Create a token object;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on as a batch job;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on as a service;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on locally;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n {\r\n \"name\": \"Deny log on through Remote Desktop Services;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n {\r\n \"name\": \"Force shutdown from a remote system;ExpectedValue\",\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n {\r\n \"name\": \"Restore files and directories;ExpectedValue\",\r\n \"value\": 
\"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n {\r\n \"name\": \"Shut down the system;ExpectedValue\",\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n {\r\n \"name\": \"Take ownership of files or other objects;ExpectedValue\",\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"815dcc9f-6662-43f2-9a03-1b83e9876f24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1308 - Identification And Authentication (Org. 
Users) | Remote Access - Separate Device\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1308\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"81817e1c-5347-48dd-965a-40159d008229\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1287 - Information System Backup\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1287\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"819dc6da-289d-476e-8500-7e341ef8677d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1213\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"81f11e32-a293-4a58-82cd-134af52e2318\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for MySQL\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure Database for MySQL with geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforMySQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforMySQL/servers/storageProfile.geoRedundantBackup\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"82339799-d096-41ae-8538-b108becf0970\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1168 - Continuous Monitoring | Independent Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1168\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"82409f9e-1f32-4775-bf07-b99d53a91b06\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1448 - Physical Access Authorizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1448\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"825d6494-e583-42f2-a3f2-6458e6f0004f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1452 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1452\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"82c76455-4d3f-4e09-a654-22e592107e74\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1262 - Contingency Plan Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1262\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": 
{\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"831e510e-db41-4c72-888e-a0621ab62265\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1008 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1008\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8356cfc6-507a-4d20-b818-08038011cd07\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Event Hub should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a214f7-d01a-484b-91a9-ed54470c9a6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network interfaces should not have public IPs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy denies the network interfaces which are configured with any public IP. Public IP addresses allow internet resources to communicate inbound to Azure resources, and Azure resources to communicate outbound to the internet. This should be reviewed by the network security team.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id\",\r\n \"notLike\": \"*\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"83a86a26-fd1f-447c-b59d-e51f44264114\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1382 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1382\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"841392b3-40da-4473-b328-4cde49db67b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1098 - Security Training Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1098\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"84363adb-dde3-411a-9fc1-36b56737f822\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that '.Net Framework' version is the latest, if used as a part of the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. 
Using the latest .Net framework version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.netFrameworkVersion\",\r\n \"in\": [\r\n \"v3.0\",\r\n \"v4.0\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"843664e0-7563-41ee-a9cb-7522c382d2c4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review And Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1119\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"845f6359-b764-4b40-b579-657aefe23c44\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1024 - Account Management | Account Monitoring / Atypical Usage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1024\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"84914fb4-12da-4c53-a341-a9fd463bed10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1307 - Identification And Authentication (Org. Users) | Net. Access To Non-Priv. Accts. 
- Replay\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1307\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"84e622c8-4bed-417c-84c6-b2fb0dd73682\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1080 - Use Of External Information Systems | Portable Storage Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1080\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"852981b4-a380-4704-aa1e-2e52d63445e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft 
Managed Control 1580 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1580\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"854db8ac-6adf-42a0-bef3-b73f764f40b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1348 - Identification And Authentication (Non-Org. 
Users) | Acceptance Of Third-Party Credentials\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1348\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"855ced56-417b-4d74-9d5f-dd1bc81e22d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1079\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"85c32733-7d23-4948-88da-058e2c56b60f\"\r\n },\r\n {\r\n \"properties\": 
{\r\n \"displayName\": \"Microsoft Managed Control 1326 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1326\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8605fc00-1bf5-4fb3-984e-c95cec4f231d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Server'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkServer\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n 
\"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86880e5c-df35-43c5-95ad-7e120635775e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy SQL DB transparent data encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enables transparent data encryption on SQL databases\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"master\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/transparentDataEncryption.status\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('fullDbName'), '/current')]\",\r\n \"type\": \"Microsoft.Sql/servers/databases/transparentDataEncryption\",\r\n \"apiVersion\": \"2014-04-01\",\r\n \"properties\": {\r\n \"status\": \"Enabled\"\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"fullDbName\": {\r\n \"value\": \"[field('fullName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86a912f6-9a06-4e26-b447-11b16ba8659f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"System updates should be installed on your machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Missing security system updates on your servers will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"systemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86b3d65f-7626-441e-b690-81a8b71cff60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1507 - Personnel Security Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1507\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86ccd1bf-e7ad-4851-93ce-6ec817469c1e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that Register with Azure Active Directory is enabled on API app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Managed 
service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86d97760-d216-4d81-a3ad-163087b2b6c3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1392\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86dc819f-15e1-43f9-a271-41ae58d4cecc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1589 - External Information System Services | Risk Assessments / Organizational Approvals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1589\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"86ec7f9b-9478-40ff-8cfd-6a0d510081a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1207 - Access Restrictions For Change | Limit Production / Operational Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1207\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8713a0ed-0d1e-4d10-be82-83dffb39830e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require specified tag\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enforces existence of a tag. Does not apply to resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/871b6d14-10aa-478d-b590-94f262ecfa99\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"871b6d14-10aa-478d-b590-94f262ecfa99\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy / Currency\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1180\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"874e7880-a067-42a7-bcbe-1a340f54c8cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1635 - Boundary Protection | Host-Based Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1635\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Administrative Templates - Control Panel'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an 
initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Control Panel'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"87b590fe-4a1d-4697-ae74-d4fe72ab786c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1293\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"87f7cd82-2e45-4d0f-9e2f-586b0962d142\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document / Verify\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1440\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"881299bf-2a5b-4686-a1b2-321d33679953\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1356 - Incident Response Training | Simulated Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1356\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8829f8f5-e8be-441e-85c9-85b72a5d0ef3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Linux VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. 
This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"not_installed_application_linux\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent', '=', concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"not_installed_application_linux\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": 
\"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[ChefInSpec]NotInstalledApplicationLinuxResource1;AttributesYmlContent\",\r\n \"value\": \"[concat('packages: [', replace(parameters('ApplicationName'), ';', ','), ']')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n 
\"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"884b209a-963b-4520-8006-d20cb3c213e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1317 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1317\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8877f519-c166-47b7-81b7-8a8eb4ff3775\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1501 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1501\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88817b58-8472-4f6c-81fa-58ce42b67f51\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Java version' is the latest, if used as a part of the Api app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Java either due to security flaws or to include additional functionality. 
Using the latest Python version for Api apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest Java version\",\r\n \"description\": \"Latest supported Java version for App Services\"\r\n },\r\n \"defaultValue\": \"11\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"JAVA\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"like\": \"[concat('*', parameters('JavaLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"like\": \"[concat(parameters('JavaLatestVersion'), '*')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n 
}\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88999f4c-376a-45c8-bcb3-4058f713cf39\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network interfaces should disable IP forwarding\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/networkInterfaces/enableIpForwarding\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88c0b9da-ce96-4b03-9635-f29a937e2900\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1215 - Least Functionality\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1215\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"88fc93e8-4745-4785-b5a5-b44bb92c44ff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL servers should be configured with auditing retention days greater than 90 days.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL servers configured with an auditing retention period of less than 90 days.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/auditingSettings/retentionDays\",\r\n \"greater\": 90\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"89099bee-89e0-4b26-a5f4-165451757743\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1411 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1411\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"898d4fe8-f743-4333-86b7-0c9245d93e7d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1092 - Security Awareness Training | Insider Threat\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1092\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8a29d47b-8604-4667-84ef-90d203fcb305\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - System settings'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy 
policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - System settings'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8a39d1f1-5513-4628-b261-f469a5a3341b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs with a pending reboot\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with a pending reboot. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPendingReboot\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8b0de57a-f511-4d45-a277-17cb79cb163b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1534 - Personnel Sanctions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1534\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8b2b263e-cd05-4488-bcbf-4debec7a17d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1170 - Penetration Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1170\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Windows Firewall Properties'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Firewall Properties'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsFirewallProperties\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8bbd627e-4d25-4906-9a6e-3789780af3ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'HTTP Version' is the latest, if used to run the Web app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.http20Enabled\",\r\n \"Equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8c122334-9d20-4eb8-89ea-ac9a705b74ae\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1458 - Physical Access Control | Information System 
Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1458\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1683 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1683\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8c79fee4-88dd-44ce-bbd4-4de88948c4f8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Latest TLS version should 
be used in your API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade to the latest TLS version\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1316 - Identifier Management | Identify User Status\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1316\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce14753-66e5-465d-9841-26ef55c09c0d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require tag and its value on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces a required tag and its value on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ce3da23-7156-49e4-b145-24f95f9dcb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1324 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1324\"\r\n },\r\n 
\"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8cfea2b3-7f77-497e-ac20-0752f2ff6eee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1225\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8d096fe0-f510-4486-8b4d-d17dc230980b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1288 - Information System Backup\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1288\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1281\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8dc459b3-0e77-45af-8d71-cfd8c9654fe2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1250 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1250\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8de614d8-a8b7-4f70-a62a-6d37089a002c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Object Access'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AuditDetailedFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Detailed File Share\",\r\n \"description\": \"If this policy setting is enabled, access to all shared files and folders on the system is audited. 
Auditing for Success can lead to very high volumes of events.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File Share\",\r\n \"description\": \"Specifies whether to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks. Event volumes can be high on DCs and File Servers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File System\",\r\n \"description\": \"Specifies whether audit events are generated when users attempt to access file system objects. Audit events are generated only for objects that have configured system access control lists (SACLs).\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Detailed File Share;ExpectedValue', '=', parameters('AuditDetailedFileShare'), ',', 'Audit File Share;ExpectedValue', '=', parameters('AuditFileShare'), ',', 'Audit File System;ExpectedValue', '=', parameters('AuditFileSystem')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesObjectAccess\"\r\n },\r\n \"AuditDetailedFileShare\": {\r\n \"value\": \"[parameters('AuditDetailedFileShare')]\"\r\n },\r\n \"AuditFileShare\": {\r\n \"value\": \"[parameters('AuditFileShare')]\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"value\": \"[parameters('AuditFileSystem')]\"\r\n }\r\n },\r\n \"template\": 
{\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditDetailedFileShare\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditFileShare\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Detailed File Share;ExpectedValue\",\r\n \"value\": \"[parameters('AuditDetailedFileShare')]\"\r\n },\r\n {\r\n \"name\": \"Audit File Share;ExpectedValue\",\r\n \"value\": \"[parameters('AuditFileShare')]\"\r\n },\r\n {\r\n \"name\": \"Audit File System;ExpectedValue\",\r\n \"value\": \"[parameters('AuditFileSystem')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": 
{\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Detailed File Share;ExpectedValue\",\r\n \"value\": \"[parameters('AuditDetailedFileShare')]\"\r\n },\r\n {\r\n \"name\": \"Audit File Share;ExpectedValue\",\r\n \"value\": \"[parameters('AuditFileShare')]\"\r\n },\r\n {\r\n \"name\": \"Audit File System;ExpectedValue\",\r\n \"value\": \"[parameters('AuditFileSystem')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e170edb-e0f5-497a-bb36-48b3280cec6a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1278\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e5ef485-9e16-4c53-a475-fbb8107eac59\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1517 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1517\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8f5ad423-50d6-4617-b058-69908f5586c9\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1668 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1668\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8fb0966e-be1d-42c3-baca-60df5c0bcc61\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1013 - Account Management | Automated System Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1013\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8fd7b917-d83b-4379-af60-51e14e316c61\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1147 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1147\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8fef824a-29a8-4a4c-88fc-420a39c0d541\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not store passwords using reversible encryption. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"StorePasswordsUsingReversibleEncryption\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"StorePasswordsUsingReversibleEncryption\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": 
\"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1550 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1550\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"902908fb-25a8-4225-a3a5-5603c80066c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Firewall Properties'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n 
\"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": 
\"Windows Firewall (Private): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. 
The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Domain: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows 
Firewall: Private: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Public: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n 
\"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsFirewallProperties\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Windows Firewall: Domain: Firewall state;ExpectedValue', '=', parameters('WindowsFirewallDomainUseProfileSettings'), ',', 'Windows Firewall: Domain: Outbound connections;ExpectedValue', '=', parameters('WindowsFirewallDomainBehaviorForOutboundConnections'), ',', 'Windows Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue', '=', parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules'), ',', 'Windows Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue', '=', parameters('WindowsFirewallDomainApplyLocalFirewallRules'), ',', 'Windows Firewall: Domain: Settings: Display a notification;ExpectedValue', '=', parameters('WindowsFirewallDomainDisplayNotifications'), ',', 'Windows Firewall: Private: Firewall state;ExpectedValue', '=', parameters('WindowsFirewallPrivateUseProfileSettings'), ',', 'Windows Firewall: Private: Outbound connections;ExpectedValue', '=', parameters('WindowsFirewallPrivateBehaviorForOutboundConnections'), ',', 'Windows Firewall: Private: Settings: Apply local connection security rules;ExpectedValue', '=', parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules'), ',', 'Windows Firewall: Private: Settings: Apply local firewall rules;ExpectedValue', '=', parameters('WindowsFirewallPrivateApplyLocalFirewallRules'), ',', 'Windows Firewall: Private: Settings: Display a notification;ExpectedValue', '=', 
parameters('WindowsFirewallPrivateDisplayNotifications'), ',', 'Windows Firewall: Public: Firewall state;ExpectedValue', '=', parameters('WindowsFirewallPublicUseProfileSettings'), ',', 'Windows Firewall: Public: Outbound connections;ExpectedValue', '=', parameters('WindowsFirewallPublicBehaviorForOutboundConnections'), ',', 'Windows Firewall: Public: Settings: Apply local connection security rules;ExpectedValue', '=', parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules'), ',', 'Windows Firewall: Public: Settings: Apply local firewall rules;ExpectedValue', '=', parameters('WindowsFirewallPublicApplyLocalFirewallRules'), ',', 'Windows Firewall: Public: Settings: Display a notification;ExpectedValue', '=', parameters('WindowsFirewallPublicDisplayNotifications'), ',', 'Windows Firewall: Domain: Allow unicast response;ExpectedValue', '=', parameters('WindowsFirewallDomainAllowUnicastResponse'), ',', 'Windows Firewall: Private: Allow unicast response;ExpectedValue', '=', parameters('WindowsFirewallPrivateAllowUnicastResponse'), ',', 'Windows Firewall: Public: Allow unicast response;ExpectedValue', '=', parameters('WindowsFirewallPublicAllowUnicastResponse')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_WindowsFirewallProperties\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"value\": 
\"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n 
\"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n 
\"type\": \"string\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"string\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Windows Firewall: Domain: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Outbound connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows 
Firewall: Private: Outbound connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Outbound connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Allow unicast response;ExpectedValue\",\r\n \"value\": 
\"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Windows Firewall: Domain: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Outbound connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Outbound 
connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Firewall state;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Outbound connections;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Apply local connection security rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Apply local firewall rules;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Public: Settings: Display a notification;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Domain: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n {\r\n \"name\": \"Windows Firewall: Private: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n {\r\n \"name\": 
\"Windows Firewall: Public: Allow unicast response;ExpectedValue\",\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"909c958d-1b99-4c74-b88f-46a5c5bc34f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1133\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90b60a09-133d-45bc-86ef-b206a6134bbe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the specified Windows PowerShell modules installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"Modules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Modules\",\r\n \"description\": \"A semicolon-separated list of the names of the PowerShell modules that should be installed. You may also specify a specific version of a module that should be installed by including a comma after the module name, followed by the desired version. e.g. 
PSDscResources; SqlServerDsc, 12.0.0.0; ComputerManagementDsc, 6.1.0.0\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": 
\"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPowerShellModules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[PowerShellModules]PowerShellModules1;Modules', '=', parameters('Modules')))]\"\r\n },\r\n 
\"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsPowerShellModules\"\r\n },\r\n \"Modules\": {\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"Modules\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellModules]PowerShellModules1;Modules\",\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": 
\"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellModules]PowerShellModules1;Modules\",\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90ba2ee7-4ca8-4673-84d1-c851c50d3baf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit Trail\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1140\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90d8b8ad-8ee3-4db7-913f-2a53fcff5316\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1355 - Incident Response Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1355\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90e01f69-3074-4de8-ade7-0fef3e7d83e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source)\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1657\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"90f01329-a100-43c2-af31-098996135d2b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Windows Components'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Windows Components'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_WindowsComponents\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9178b430-2295-406e-bb28-f6a7a2a2f897\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1069 - Wireless Access | Authentication And Encryption\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1069\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"91c97b44-791e-46e9-bad7-ab7c4949edbb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1370\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"924e1b2d-c502-478f-bfdb-a7e09a0d5c01\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MFA should be enabled accounts with write permissions on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForWritePermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9297c21d-2ed6-4474-b48f-163f75654ce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1290 - Information System Backup\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1290\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"92f85ce9-17b7-49ea-85ee-ea7271ea6b82\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that contain certificates expiring within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that contain certificates expiring within the specified number of days. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"CertificateExpiration\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9328f27e-611e-44a7-a244-39109d7d35ab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain all of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group does not contain all of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToInclude\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LocalGroup]AdministratorsGroup;MembersToInclude', '=', parameters('MembersToInclude')))]\"\r\n },\r\n \"deployment\": {\r\n 
\"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AdministratorsGroupMembersToInclude\"\r\n },\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MembersToInclude\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToInclude\",\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', 
parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;MembersToInclude\",\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93507a81-10a4-4af0-9ee2-34cf25a96e98\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1575 - Acquisition Process | Functional Properties Of Security 
Controls\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1575\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1674\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93e9e233-dd0a-4bde-aea5-1371bce0e002\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1297\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"93fd8af1-c161-4bae-9ba9-f62731f76439\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1284\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"942b3e97-6ae3-410e-a794-c9c999b97c0b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1379 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1379\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9442dd2c-a07f-46cd-b55a-553b66ba47ca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1371 - Incident Reporting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1371\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"9447f354-2c85-4700-93b3-ecdc6cb6a417\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in European data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: North Europe, West Europe\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"northeurope\",\r\n \"westeurope\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"94c19f19-8192-48cd-a11b-e37099d3e36b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1526 - Access Agreements\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1526\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"953e6261-a05a-44fd-8246-000e1a3edbb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Authentication should be enabled on your web app\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the web app, or authenticate those that have tokens before they reach the web app\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthEnabled\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"95bccee9-a7f8-4bec-9ee9-62c3473701fc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1163 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1163\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"961663a1-8a91-4e59-b6f5-1eee57c0f49c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require specified tag on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enforces existence of a tag on resource groups.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/96670d01-0a4d-4649-9c89-2d3abc0a5025\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"96670d01-0a4d-4649-9c89-2d3abc0a5025\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1717 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1717\"\r\n },\r\n \"policyRule\": {\r\n 
\"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced data security settings for SQL server should contain an email address to receive security alerts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Ensure that an email address is provided for the 'Send alerts to' field in the Advanced Data Security server settings. This email address receives alert notifications when anomalous activities are detected on SQL servers.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9677b740-f641-4f3c-b9c5-466005c85278\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1453 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1453\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9693b564-3008-42bc-9d5d-9c7fe198c011\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Adminstrative Templates - MSS (Legacy)'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Adminstrative Templates - MSS (Legacy)'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97646672-5efa-4622-9b54-740270ad60bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1607 - Developer Security Testing And Evaluation | Dynamic Code Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1607\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"976a74cf-b192-4d35-8cab-2068f272addb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Policy Change'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Policy Change'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authentication Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authorization Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": 
\"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Authentication Policy Change;ExpectedValue', '=', parameters('AuditAuthenticationPolicyChange'), ',', 'Audit Authorization Policy Change;ExpectedValue', '=', parameters('AuditAuthorizationPolicyChange')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesPolicyChange\"\r\n },\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthenticationPolicyChange')]\"\r\n },\r\n 
\"AuditAuthorizationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthorizationPolicyChange')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Authentication Policy Change;ExpectedValue\",\r\n \"value\": \"[parameters('AuditAuthenticationPolicyChange')]\"\r\n },\r\n {\r\n \"name\": \"Audit Authorization Policy Change;ExpectedValue\",\r\n \"value\": \"[parameters('AuditAuthorizationPolicyChange')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n 
\"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Authentication Policy Change;ExpectedValue\",\r\n \"value\": \"[parameters('AuditAuthenticationPolicyChange')]\"\r\n },\r\n {\r\n \"name\": \"Audit Authorization Policy Change;ExpectedValue\",\r\n \"value\": \"[parameters('AuditAuthorizationPolicyChange')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97b595c8-fd10-400e-8543-28e2b9138b13\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed 
Control 1136 - Audit Record Retention\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1136\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97ed5bac-a92f-4f6d-a8ed-dc094723597c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1378 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1378\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"97fceb70-6983-42d0-9331-18ad8253184d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource 
creation only in United States data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"centralus\",\r\n \"eastus\",\r\n \"eastus2\",\r\n \"northcentralus\",\r\n \"southcentralus\",\r\n \"westus\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"983211ba-f348-4758-983b-21fa29294869\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Network'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable insecure guest logons\",\r\n \"description\": \"Specifies whether the SMB client will allow insecure guest logons to an SMB server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow simultaneous connections to the Internet or a Windows Domain\",\r\n \"description\": \"Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. A value of 0 allows simultaneous connections, and a value of 1 blocks them.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off multicast name resolution\",\r\n \"description\": \"Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Enable insecure guest logons;ExpectedValue', '=', parameters('EnableInsecureGuestLogons'), ',', 'Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue', '=', parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain'), ',', 'Turn off multicast name resolution;ExpectedValue', '=', parameters('TurnOffMulticastNameResolution')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": 
\"AzureBaseline_AdministrativeTemplatesNetwork\"\r\n },\r\n \"EnableInsecureGuestLogons\": {\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"string\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"string\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Enable insecure guest logons;ExpectedValue\",\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n {\r\n \"name\": \"Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue\",\r\n \"value\": 
\"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n {\r\n \"name\": \"Turn off multicast name resolution;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Enable insecure guest logons;ExpectedValue\",\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n {\r\n \"name\": \"Minimize the number of simultaneous connections to the Internet or a Windows Domain;ExpectedValue\",\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n {\r\n \"name\": \"Turn off multicast name resolution;ExpectedValue\",\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"985285b7-b97a-419c-8d48-c88cc934c8d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1076 - Use Of External Information Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1076\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"98a4bd5f-6436-46d4-ad00-930b5b1dfed4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'HTTP Version' is the latest, if used to run the Api app\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.http20Enabled\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"991310cd-e9f3-47bc-b7b6-f57b557d07db\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1102 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1102\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9943c16a-c54c-4b4a-ad28-bfd938cdbf57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users)\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1300\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"99deec7d-5526-472e-b07c-3645a792026a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1036\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a16d673-8cf0-4dcf-b1d5-9b3e114fef71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"FTPS only should be required in your API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/ftpsState\",\r\n \"equals\": \"FtpsOnly\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a1b8c48-453a-4044-86c3-d8bfd823e4f5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1021 - Account Management | Restrictions On Use Of Shared / Group 
Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1021\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a3eb0a3-428d-4669-baff-20a14eb4b551\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Azure SQL Database to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Azure SQL Database to stream to a regional Event Hub on any Azure SQL Database which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"fullName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n 
\"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Sql/servers/databases/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('fullName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"QueryStoreRuntimeStatistics\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"QueryStoreWaitStatistics\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Errors\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"DatabaseWaitStatistics\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Blocks\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"SQLInsights\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"SQLSecurityAuditEvents\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Timeouts\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AutomaticTuning\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Deadlocks\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n 
}\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled diagnostic settings for ', parameters('fullName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"fullName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9a7c7a7d-49e5-4213-bea8-6a502b6272e0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1049 - System Use Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1049\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9adf7ba7-900a-4f35-8d57-9f34aafc405c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed 
Control 1563 - Allocation Of Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1563\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9afe2edf-232c-4fdf-8e6a-e867a5c525fd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1462 - Monitoring Physical Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1462\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9b1f3a9a-13a1-4b40-8420-36bca6fd8c02\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft IaaSAntimalware extension should be deployed on Windows servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n \"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9b597639-28e4-48eb-b506-56b05d366257\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1236 - Software Usage Restrictions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1236\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ba3ed84-c768-4e18-b87c-34ef1aff1b57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1525 - Personnel Transfer\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1525\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9be2f688-7a61-45e3-8230-e1ec93893f66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9bfe3727-0a17-471f-a2fe-eddd6b668745\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1138 - Audit Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1138\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9c284fc0-268a-4f29-af44-3c126674edb4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1135 - Non-Repudiation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1135\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9c308b6b-2429-4b97-86cf-081b8e737b04\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1489 - Location Of Information System Components\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1489\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d0a794f-1444-4c96-9534-e35fc8c39c91\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'Java version' is the latest, if used as a part of the Funtion app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. 
Using the latest Java version for Function apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest Java version\",\r\n \"description\": \"Latest supported Java version for App Services\"\r\n },\r\n \"defaultValue\": \"11\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"JAVA\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"like\": \"[concat('*', parameters('JavaLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.javaVersion\",\r\n \"like\": \"[concat(parameters('JavaLatestVersion'), '*')]\"\r\n }\r\n ]\r\n 
}\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1322 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1322\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d1d971e-467e-4278-9633-c74c3d4fecc4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1233 - Configuration Management Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1233\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d79001f-95fe-45d0-8736-f217e78c1f57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1305 - Identification And Authentication (Org. Users) | Group Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1305\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d9166a8-1722-4b8f-847c-2cf3f2618b3d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1259 - Contingency Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1259\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9d9e18f7-bad9-4d30-8806-a0c9d5e26208\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Access through Internet facing endpoint should be restricted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Azure Security center has identified some of your Network Security Groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to easily target your resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"unprotectedNetworkEndpoint\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9daedab3-fb2d-461e-b861-71790eead4f6\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1500 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1500\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9dd5b241-03cb-47d3-a5cd-4b89f9c53c92\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1482 - Temperature And Humidity Controls | Monitoring With Alarms / Notifications\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1482\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"9df4277e-8c88-4d5c-9b1a-541d53d15d7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1553\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e5225fe-cdfb-4fce-9aec-0fe20dd53b62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1490 - Security Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1490\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e61da80-0957-4892-b70c-609d5eaafb6b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1504 - Information Security Architecture\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1504\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e7c35d0-12d4-4e0c-80a2-8a352537aefd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1609 - Development Process, Standards, And Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1609\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9e93fa71-42ac-41a7-b177-efbfdc53c69f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Append tag and its value from the resource group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Appends the specified tag with its value from the resource group when any resource which is missing this tag is created or updated. Does not modify the tags of resources created before this policy was applied until those resources are changed. New 'modify' effect policies are available that support remediation of tags on existing resources (see https://aka.ms/modifydoc).\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\",\r\n \"notEquals\": \"\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"append\",\r\n \"details\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ea02ca2-71db-412d-8b00-7c7ca9fcd32d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ea02ca2-71db-412d-8b00-7c7ca9fcd32d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1494 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1494\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ed09d84-3311-4853-8b67-2b55dfa33d09\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1514 - Personnel Screening | Information With Special Protection Measures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1514\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9ed5ca00-0e43-434e-a018-7aab91461ba7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1187 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1187\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9f2b2f9e-4ba6-46c3-907f-66db138b6f85\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that are not set to the specified time zone\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not set to the specified time zone. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsTimeZone\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9f658460-46b7-43af-8565-94fc0662be38\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1354 - Incident Response Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1354\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"9fd92c17-163a-4511-bb96-bbb476449796\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs on which the Log Analytics agent is not connected as expected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsLogAnalyticsAgentConnection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a030a57e-4639-4e8f-ade9-a92f33afe7ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1145 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1145\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a0724970-9c75-4a64-a225-a28002953f28\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed resource types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to specify the resource types that your organization can deploy. Only resource types that support 'tags' and 'location' will be affected by this policy. 
To restrict all resources please duplicate this policy and change the 'mode' to 'All'.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesAllowed\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of resource types that can be deployed.\",\r\n \"displayName\": \"Allowed resource types\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('listOfResourceTypesAllowed')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a08ec900-254a-4555-9bf5-e42af04b5c5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1245 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1245\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a0e45314-57b8-4623-80cd-bbb561f59516\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1406 - Maintenance Tools | Inspect Media\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1406\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a0f5339c-9292-43aa-a0bc-d27c6b8e30aa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Security Center standard pricing tier should be selected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The standard pricing tier enables threat detection for networks and virtual machines, providing threat intelligence, anomaly detection, and behavior analytics in Azure Security Center\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Security/pricings\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Security/pricings/pricingTier\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Security/pricings/pricingTier\",\r\n \"notEquals\": \"Standard\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1181c5f-672a-477a-979a-7d58aa086233\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1817ec0-a368-432a-8057-8371e17ac6ee\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1265\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a18adb5b-1db6-4a5b-901a-7d3797d12972\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Logic Apps to stream to a regional Event Hub when any Logic Apps which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure 
Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": 
{\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Logic/workflows/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"WorkflowRuntime\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1dae6c7-13f3-48ea-a149-ff8442661f60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1dae6c7-13f3-48ea-a149-ff8442661f60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs 
configurations in 'Administrative Templates - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - System'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n 
\"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n 
\"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a1e8dda3-9fd2-4835-aec3-0e55531fde33\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1612 - Developer Security Architecture And Design\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1612\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2037b3d-8b04-4171-8610-e6d4f1d08db5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1197 - Configuration Change Control | Test / Validate / Document Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1197\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a20d2eaa-88e2-4907-96a2-8f3a05797e5c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1275\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a23d9d53-ad2e-45ef-afd5-e6d10900a737\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n 
\"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1690\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2567a23-d1c3-4783-99f3-d471302a4d6b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1410\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2596a9f-e59f-420d-9625-6e0b536348be\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1059 - Remote Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n 
\"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1059\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a29b5d9f-4953-4afe-b560-203a6410b6b4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that are not joined to the specified domain\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that are not joined to the specified domain. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDomainMembership\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a29ee95c-0395-4515-9851-cc04ffe82a91\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1532 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1532\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2c66299-9017-4d95-8040-8bdbf7901d52\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1664\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2cdf6b8-9505-4619-b579-309ba72037ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1252\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1238 - User-Installed Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1238\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1693\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a450eba6-2efc-4a00-846a-5804a93c6b77\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit built-in roles such as 'Owner, Contributer, Reader' instead of custom RBAC roles, which are error prone. 
Using custom roles is treated as an exception and requires a rigorous review and threat modeling\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleDefinitions/type\",\r\n \"equals\": \"CustomRole\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a451c1ef-c6ca-483d-87ed-f49761e3ffb5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Web Application should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": 
\"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a4af4a39-4135-47fb-b175-47fbdf85311d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1617 - Application Partitioning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1617\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a631d8f5-eb81-4f9d-9ee1-74431371e4a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Auditing should be enabled on advanced data security settings on SQL Server\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Auditing tracks database events and writes them to an audit log in the Azure storage account. 
It also helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"setting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Desired Auditing setting\"\r\n },\r\n \"allowedValues\": [\r\n \"enabled\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enabled\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"[parameters('setting')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"The Log Analytics agent should be installed on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows/Linux virtual machines if the Log Analytics agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or 
disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"in\": [\r\n \"MicrosoftMonitoringAgent\",\r\n \"OmsAgentForLinux\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a70ca396-0a34-413a-88e1-b956c1e683be\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1431 - Media Storage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1431\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7173c52-2b99-4696-a576-63dd5f970ef4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management | Availability\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1644\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7211477-c970-446b-b4af-062f37461147\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1027 - Access Enforcement\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1027\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"DDoS Protection Standard should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableDDoSProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7aca53f-2ed4-4466-a25e-0b45ade68efd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1570 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services 
Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1570\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7fcf38d-bb09-4600-be7d-825046eb162a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Require encryption on Data Lake Store accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures encryption is enabled on all Data Lake Store accounts\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DataLakeStore/accounts/encryptionState\",\r\n \"equals\": \"Disabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a7ff3161-0087-490a-9ad9-ad6217f4f43a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1295 - Information System Recovery And Reconstitution\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory 
Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1295\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a895fbdb-204d-4302-9689-0a59dc42b3d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated] Monitor unencrypted SQL databases in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Unencrypted SQL databases will be monitored by Azure Security Center as recommendations. This policy is deprecated and replaced by the following policy: Transparent Data Encryption on SQL databases should be enabled'\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"encryption\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n 
}\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a8bef009-a5c9-4d0f-90d7-6018734e8a16\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1283\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9172e76-7f56-46e9-93bf-75d69bdb5491\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1400 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1400\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a96d5098-a604-4cdf-90b1-ef6449a27424\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1118\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a96f743d-a195-420d-983a-08aa06bc441e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1199\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n 
{\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9a08d1c-09b1-48f1-90ea-029bbdf7111e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Detailed Tracking'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Detailed Tracking'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": 
\"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9a33475-481d-4b81-9116-0bf02ffe67e8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy network watcher when virtual networks are created\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a network watcher resource in regions with virtual networks. 
You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"networkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"equals\": \"[field('location')]\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2016-09-01\",\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"name\": \"[concat('networkWatcher_', parameters('location'))]\",\r\n \"location\": \"[parameters('location')]\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1511 - Personnel Screening\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1511\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a9eae324-d327-4539-9293-b48e122465f8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MFA should be enabled on accounts with owner permissions on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa633080-8b72-40c4-a2d7-d00c03e80bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that Register with Azure Active Directory is enabled on WEB App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aa81768c-cb87-4ce2-bfaa-00baa10d760c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1539 - Security Categorization\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1539\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aabb155f-e7a5-4896-a767-e918bfae2ee0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1006 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1006\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aae8d54c-4bce-4c04-b3aa-5b65b67caac8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1461 - Monitoring Physical Access\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1461\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aafef03e-fea8-470b-88fa-54bd1fcd7064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1073 - Access Control For Mobile Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1073\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'PHP version' is the latest, if used as a part of the 
Function app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for Function apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest PHP version\",\r\n \"description\": \"Latest supported PHP version for App Services\"\r\n },\r\n \"defaultValue\": \"7.3\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"notContains\": \"PHP\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"[concat('PHP|', parameters('PHPLatestVersion'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Web/sites/config/web.linuxFxVersion\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/web.phpVersion\",\r\n \"equals\": \"[parameters('PHPLatestVersion')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ab965db2-d2bf-4b64-8b39-c38ec8179461\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Automatic provisioning of security monitoring agent\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Installs security agent on VMs for advanced security alerts and preventions in Azure Security Center. Applies only for subscriptions that use Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"AuditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"securityAgent\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abcc6037-1fc4-47f6-aac5-89706589be24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1323 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n 
\"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1323\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abe8f70b-680f-470c-9b86-a7edfb664ecc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced data security should be enabled on your SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL servers without Advanced Data Security\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/state\",\r\n \"equals\": \"Enabled\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced data security should be enabled on your SQL managed instances\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit SQL managed instances without Advanced Data Security\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/state\",\r\n \"equals\": \"Enabled\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1056\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac43352f-df83-4694-8738-cfce549fd08d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Role-Based Access Control (RBAC) should be used on Kubernetes Services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"To provide granular filtering on the actions that users can perform, use Role-Based Access Control (RBAC) to manage permissions in Kubernetes Service Clusters and configure relevant authorization policies.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enableRBAC\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/enableRBAC\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation if 'environment' tag value in allowed values\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging\",\r\n \"metadata\": {\r\n \"category\": \"Tags\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags['environment']\",\r\n \"in\": [\r\n \"production\",\r\n \"dev\",\r\n \"test\",\r\n \"staging\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ac7e5fc0-c029-4b12-91d4-a8500ce697f9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1569 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1569\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ad2f8e61-a564-4dfd-8eaa-816f5be8cb34\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1454 - 
Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1454\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ad58985d-ab32-4f99-8bd3-b7e134c90229\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1025 - Account Management | Account Monitoring / Atypical Usage\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1025\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"adfe020d-0a97-45f4-a39c-696ef99f3a95\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": 
\"Microsoft Managed Control 1272 - Alternate Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1272\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"SQL Server should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any SQL Server not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/virtualNetworkRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/virtualNetworkRules/virtualNetworkSubnetId\",\r\n 
\"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ae5d2f14-d830-42b6-9899-df6cfe9c71a3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1598 - Developer Configuration Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1598\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ae7e1f5e-2d63-4b38-91ef-bce14151cce3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL managed instance advanced data security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that 'email notification to admins and subscription owners' is enabled in the SQL managed instance advanced threat protection settings. 
This ensures that any detections of anomalous activities on SQL managed instance are reported as soon as possible to the admins.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/emailAccountAdmins\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeb23562-188d-47cb-80b8-551f16ef9fff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1413 - Nonlocal Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1413\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"aeedddb6-6bc0-42d5-809b-80048033419d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1710 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1710\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af2a93c8-e6dd-4c94-acdd-4a2eedfc478e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"endpointProtection\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af6cd1bd-1635-48cb-bde7-5b15693900b9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated] Monitor unaudited SQL servers in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"SQL servers which don't have SQL auditing turned on will be monitored by Azure Security Center as recommendations. 
This policy is deprecated and replaced by the following policy: 'Auditing should be enabled on advanced data security settings on SQL Server'\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.SQL/servers\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"auditing\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"af8051bf-258b-44e2-a2bf-165330459f9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1645\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"afbd0baf-ff1a-4447-a86f-088a97347c0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1725 - Error Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1725\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"afc234b5-456b-4aa5-b3e2-ce89108124cc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Activity log should be retained for at least one year\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits the activity log if the retention is not set for 365 days or forever (retention days set to 0).\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n 
}\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/logProfiles\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.days\",\r\n \"equals\": \"365\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.enabled\",\r\n \"equals\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b02aacc0-b073-424e-8298-42b22829ee0a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1429 - Media Marking\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1429\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b07c9b24-729e-4e85-95fc-f224d2d08a80\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1711 - Security Function Verification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1711\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b083a535-a66a-41ec-ba7f-f9498bf67cde\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Just-In-Time network access control should be applied on virtual machines\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": 
\"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"jitNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b0f33259-77d7-4c9e-aac6-3aabcfae693c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1571 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1571\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b11c985b-f2cd-4bd7-85f4-b52426edf905\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Linux VMs that do not have the passwd file permissions set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. 
This definition allows Azure Policy to process the results of auditing Linux virtual machines that do not have the passwd file permissions set to 0644. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"PasswordPolicy_msid121\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1537\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b19454ca-0d70-42c0-acf5-ea1c1e5726d1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1091 - Security Awareness Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1091\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b23bd715-5d1c-4e5c-9759-9cbdf79ded9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1078 - Use Of External Information Systems | Limits On Authorized Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1078\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b25faf85-8a16-4f28-8e15-d05c0072d64d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1009 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1009\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n 
\"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b26f8610-e615-47c2-abd6-c00b2b0b503a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you shoud create access policies at the entity level for queues and topics to provide access to only the specific entity\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/authorizationRules\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"notEquals\": \"RootManageSharedAccessKey\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b278e460-7cfc-4451-8294-cccc40a940d7\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1234 - Software Usage Restrictions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1234\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b293f881-361c-47ed-b997-bc4e2296bc0b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1107 - Content Of Audit Records\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1107\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"b29ed931-8e21-4779-8458-27916122a904\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows web servers that are not using secure communication protocols\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"MinimumTLSVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum TLS version\",\r\n \"description\": \"The minimum TLS protocol version that should be enabled. 
Windows web servers with lower TLS versions will be marked as non-compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"1.1\",\r\n \"1.2\"\r\n ],\r\n \"defaultValue\": \"1.1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AuditSecureProtocol\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[SecureWebServer]s1;MinimumTLSVersion', '=', parameters('MinimumTLSVersion')))]\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"\"\r\n },\r\n {\r\n \"value\": \"[parameters('MinimumTLSVersion')]\",\r\n \"equals\": \"1.1\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AuditSecureProtocol\"\r\n },\r\n \"MinimumTLSVersion\": {\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MinimumTLSVersion\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": 
\"[SecureWebServer]s1;MinimumTLSVersion\",\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[SecureWebServer]s1;MinimumTLSVersion\",\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n 
\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fc8f91-866d-4434-9089-5ebfe38d6fd8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b3802d79-dd88-4bce-b81d-780218e48280\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1041\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b3d8d15b-627a-4219-8c96-4d16f788888b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1380 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1380\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4319b7e-ea8d-42ff-8a67-ccd462972827\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Search services should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Search\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Search/searchServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4330a05-a843-4bc8-bf9a-cacce50c67f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1172 - Internal System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1172\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b43e946e-a4c8-4b92-8201-4a39331db43c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1672 - Flaw Remediation | Central Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1672\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b45fe972-904e-45a4-ac20-673ba027a301\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1131 - Protection Of Audit Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1131\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b472a17e-c2bc-493f-b50b-42d55a346962\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Sockets state for an API App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. 
Use of Web Sockets within an API app must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b48334a4-911b-4084-b1ab-3e6a4e50b951\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b48334a4-911b-4084-b1ab-3e6a4e50b951\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"A security contact phone number should be provided for your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enter a phone number to receive notifications when Azure Security Center detects compromised resources\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n 
\"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/securityContacts/phone\",\r\n \"notEquals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4d66858-c922-44e3-9566-5cdb7a7be744\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1286\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b4f9b47a-2116-4e6f-88db-4edbf22753f1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Service Fabric clusters should only use Azure Active Directory for client authentication\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Audit usage of client authentication only via Azure Active Directory in Service Fabric\",\r\n \"metadata\": {\r\n \"category\": \"Service Fabric\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceFabric/clusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId\",\r\n \"equals\": \"\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b54ed75b-3e1a-44ac-a333-05ba39b99ff0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Advanced Threat Protection for Cosmos DB Accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables Advanced Threat Protection across Cosmos DB accounts.\",\r\n \"metadata\": {\r\n \"category\": \"Cosmos DB\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n 
},\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/advancedThreatProtectionSettings\",\r\n \"name\": \"current\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/advancedThreatProtectionSettings/isEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"cosmosDbAccountName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2019-01-01\",\r\n \"type\": \"Microsoft.DocumentDB/databaseAccounts/providers/advancedThreatProtectionSettings\",\r\n \"name\": \"[concat(parameters('cosmosDbAccountName'), '/Microsoft.Security/current')]\",\r\n \"properties\": {\r\n \"isEnabled\": true\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"cosmosDbAccountName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b5f04e03-92a3-4b09-9410-2cc5e5047656\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in App Services should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit enabling of diagnostic logs on the app. 
This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"notContains\": \"functionapp\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/detailedErrorLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/httpLoggingEnabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/requestTracingEnabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1419\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6747bf9-2b97-45b8-b162-3c8becb9937d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1301 - Identification And Authentication (Org. Users) | Network Access To Privileged Accounts\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1301\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1568 - Acquisition Process\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1568\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6a8eae8-9854-495a-ac82-d2cd3eac02a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Network Watcher should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. 
Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights to your network in Azure.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"listOfLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Locations\",\r\n \"description\": \"Audit if Network Watcher is not enabled for region(s).\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/networkWatchers\",\r\n \"resourceGroupName\": \"NetworkWatcherRG\",\r\n \"existenceCondition\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfLocations')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1608 - Supply Chain Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1608\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1401 - Controlled Maintenance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1401\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b78ee928-e3c1-4569-ad97-9f8c4b629847\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/httpsOnly\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b7ddfbdc-1260-477d-91fd-98bd9be789a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain only the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group does not contain only the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"Members\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members\",\r\n \"description\": \"A semicolon-separated list of all the expected members of the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembers\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[LocalGroup]AdministratorsGroup;Members', '=', parameters('Members')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": 
\"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AdministratorsGroupMembers\"\r\n },\r\n \"Members\": {\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"Members\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;Members\",\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n 
\"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[LocalGroup]AdministratorsGroup;Members\",\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b821191b-3a12-44bc-9c38-212138a29ff3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Accounts'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with 
its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Accounts'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b872a447-cc6f-43b9-bccf-45703cd81607\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Logic Apps to stream to a regional Log Analytics workspace when any Logic Apps which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Logic/workflows\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n 
\"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Logic/workflows/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"WorkflowRuntime\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b889a06c-ec72-4b03-910a-cb169ee18721\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1257 - Contingency Training\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1257\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b958b241-4245-4bd6-bd2d-b8f0779fb543\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1186 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1186\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b95ba3bd-4ded-49ea-9d10-c6f4b680813d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1447 - Physical Access Authorizations\",\r\n 
\"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1447\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9783a99-98fe-4a95-873f-29613309fe9a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1625 - Boundary Protection | Access Points\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1625\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9b66a4d-70a1-4b47-8fa1-289cec68c605\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1610 
- Development Process, Standards, And Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1610\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b9f3fb54-4222-46a1-a308-4874061f8491\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Recovery console'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Recovery console'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ba12366f-f9a6-42b8-9d98-157d0b1a837b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1606\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1726 - Information Handling And Retention\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1726\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"baff1279-05e0-4463-9a70-8ba5de4c7aa4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1166 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1166\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb02733d-3cc5-4bb0-a6cd-695ba2c2272e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1188 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1188\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bb20548a-c926-4e4d-855c-bcddc6faf95e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1533 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1533\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Client'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB client component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Send unencrypted password to third-party SMB servers\",\r\n \"description\": \"Specifies whether the SMB redirector will send plaintext passwords during authentication to third-party SMB servers that do not support password encryption. It is recommended that you disable this policy setting unless there is a strong business case to enable it.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Amount of idle time required before suspending session\",\r\n \"description\": \"Specifies the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. 
The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,15\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB server component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Disconnect clients when logon hours expire\",\r\n \"description\": \"Specifies whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. If you enable this policy setting you should also enable 'Network security: Force logoff when logon hours expire'\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n 
]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n 
},\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Microsoft network client: Digitally sign communications (always);ExpectedValue', '=', parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways'), ',', 'Microsoft network client: Send unencrypted password to third-party SMB servers;ExpectedValue', '=', parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers'), ',', 'Microsoft network server: Amount of idle time required before suspending session;ExpectedValue', '=', parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession'), ',', 'Microsoft network server: Digitally sign communications (always);ExpectedValue', '=', parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways'), ',', 'Microsoft network server: Disconnect clients when logon hours expire;ExpectedValue', '=', parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": 
\"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkClient\"\r\n },\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"type\": \"string\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"type\": 
\"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Microsoft network client: Digitally sign communications (always);ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network client: Send unencrypted password to third-party SMB servers;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Amount of idle time required before suspending session;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Digitally sign communications (always);ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Disconnect clients when logon hours expire;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": 
\"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Microsoft network client: Digitally sign communications (always);ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network client: Send unencrypted password to third-party SMB servers;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Amount of idle time required before suspending session;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Digitally sign communications (always);ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n {\r\n \"name\": \"Microsoft network server: Disconnect clients when logon hours expire;ExpectedValue\",\r\n \"value\": \"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), 
'/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bbcdd8fa-b600-4ee3-85b8-d184e3339652\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit API Applications that are not using latest supported Python Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Python version for the latest security classes. 
Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestPython\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc0378bb-d7ab-4614-a0f6-5a6e3f02d644\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1194 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1194\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc34667f-397e-4a65-9b72-d0358f0b6b09\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1095 - Role-Based Security Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1095\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc3f6f7a-057b-433e-9834-e8c97b0194f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Account Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Logon'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc87d811-4a9b-47cc-ae54-0a41abda7768\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1427 - Media Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1427\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bc90e44f-d83f-4bdf-900f-3d5eb4111b31\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1351 - Incident Response Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1351\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bcfb6683-05e5-4ce6-9723-c3fbe9896bdd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1050 - Concurrent Session Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1050\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bd20184c-b4ec-4ce5-8db6-6e86352d183f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: IP Forwarding on your virtual machine should be disabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Enabling IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations. 
IP forwarding is rarely required (e.g., when using the VM as a network virtual appliance), and therefore, this should be reviewed by the network security team.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"disableIPForwarding\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"Monitored\",\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bd352bd5-2853-4985-bf0d-73806b4a5744\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL managed instance Advanced Data Security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. 
Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/managedInstances\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/managedInstances/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]\",\r\n \"equals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bda18df3-5e41-4709-add9-2554ce68c966\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs in which the Administrators group contains any of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group contains any of the specified members. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToExclude\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bde62c94-ccca-4821-a815-92c1d31a76de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported Java Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestJava\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be0a7681-bed4-48dc-9ff3-f0171ee170b6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be0a7681-bed4-48dc-9ff3-f0171ee170b6\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1360 - Incident Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1360\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"be5b05e7-0b82-4ebc-9eda-25e447b1a41e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a regional Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n 
\"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"bef3f64c-5290-43b7-85b0-9b254eef4c47\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1152 - System Interconnections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1152\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"beff0acf-7e67-40b2-b1ca-1a0e8205cf1b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Geo-redundant storage should be enabled for Storage Accounts\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Storage Account with geo-redundant storage not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Storage/storageAccounts/sku.name\",\r\n \"in\": [\r\n \"Standard_GRS\",\r\n \"Standard_RAGRS\",\r\n 
\"Standard_GZRS\",\r\n \"Standard_RAGZRS\"\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bf045164-79ba-4215-8f95-f8048dc1780b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1590\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bf296b8c-f391-4ea4-9198-be3c9d39dd1f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1446\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bf6850fe-abba-468e-9ef4-d09ec7d983cd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Logon-Logoff'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Logon-Logoff'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AuditGroupMembership\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Group Membership\",\r\n \"description\": \"Specifies whether audit events are generated when group memberships are enumerated on the client computer.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n 
]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Group Membership;ExpectedValue', '=', parameters('AuditGroupMembership')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesLogonLogoff\"\r\n },\r\n \"AuditGroupMembership\": {\r\n \"value\": \"[parameters('AuditGroupMembership')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditGroupMembership\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n 
\"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Group Membership;ExpectedValue\",\r\n \"value\": \"[parameters('AuditGroupMembership')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Group Membership;ExpectedValue\",\r\n \"value\": \"[parameters('AuditGroupMembership')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n 
\"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c04255ee-1b9f-42c1-abaa-bf1553f79930\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Only approved VM extensions should be installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy governs the virtual machine extensions that are not approved.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"approvedExtensions\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of approved extension types that can be installed. 
Example: AzureDiskEncryption\",\r\n \"displayName\": \"Approved extensions\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"notIn\": \"[parameters('approvedExtensions')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c0e996f8-39cf-4af9-9f45-83fbde810432\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1124 - Audit Reduction And Report Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1124\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c10152dd-78f8-4335-ae2d-ad92cc028da4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1676 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n 
\"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1676\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c10fb58b-56a8-489e-9ce3-7ffe24e78e4b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1719 - Spam Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1719\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c13da9b4-fe14-4fe2-853a-5997c9d4215a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1226\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c158eb1c-ae7e-4081-8057-d527140c4e0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy associations for a custom provider\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys an association resource that associates selected resource types to the specified custom provider. 
This policy deployment does not support nested resource types.\",\r\n \"metadata\": {\r\n \"category\": \"Custom Provider\"\r\n },\r\n \"parameters\": {\r\n \"targetCustomProviderId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Custom provider Id\",\r\n \"description\": \"Resource ID of the Custom provider to which resources need to be associated.\"\r\n }\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource types to associate\",\r\n \"description\": \"The list of resource types to be associated to the custom provider.\",\r\n \"strongType\": \"resourceTypes\"\r\n }\r\n },\r\n \"associationNamePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Association name prefix\",\r\n \"description\": \"Prefix to be added to the name of the association resource being created.\"\r\n },\r\n \"defaultValue\": \"DeployedByPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": \"[parameters('resourceTypesToAssociate')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.CustomProviders/Associations\",\r\n \"name\": \"[concat(parameters('associationNamePrefix'), '-', uniqueString(parameters('targetCustomProviderId')))]\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"associatedResourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"resourceTypesToAssociate\": {\r\n \"type\": \"string\"\r\n },\r\n \"targetCustomProviderId\": {\r\n \"type\": \"string\"\r\n },\r\n \"associationNamePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n 
},\r\n \"variables\": {\r\n \"resourceType\": \"[concat(parameters('resourceTypesToAssociate'), '/providers/associations')]\",\r\n \"resourceName\": \"[concat(parameters('associatedResourceName'), '/microsoft.customproviders/', parameters('associationNamePrefix'), '-', uniqueString(parameters('targetCustomProviderId')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[concat(deployment().Name, '-2')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [\r\n {\r\n \"type\": \"[variables('resourceType')]\",\r\n \"name\": \"[variables('resourceName')]\",\r\n \"apiVersion\": \"2018-09-01-preview\",\r\n \"properties\": {\r\n \"targetResourceId\": \"[parameters('targetCustomProviderId')]\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceTypesToAssociate\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"associatedResourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"targetCustomProviderId\": {\r\n \"value\": \"[parameters('targetCustomProviderId')]\"\r\n },\r\n \"associationNamePrefix\": {\r\n \"value\": \"[parameters('associationNamePrefix')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c15c281f-ea5c-44cd-90b8-fc3c14d13f0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c15c281f-ea5c-44cd-90b8-fc3c14d13f0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1629 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": 
\"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1629\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c171b095-7756-41de-8644-a062a96043f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1004 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1004\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c17822dc-736f-4eb4-a97d-e6be662ff835\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in Asia data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, 
Central India, Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"eastasia\",\r\n \"southeastasia\",\r\n \"westindia\",\r\n \"southindia\",\r\n \"centralindia\",\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Account Logon'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AuditCredentialValidation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Credential Validation\",\r\n \"description\": \"Specifies whether audit events are generated when credentials are submitted for a user account logon request. 
This setting is especially useful for monitoring unsuccessful attempts, to find brute-force attacks, account enumeration, and potential account compromise events on domain controllers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success and Failure\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n 
\"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Credential Validation;ExpectedValue', '=', parameters('AuditCredentialValidation')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesAccountLogon\"\r\n },\r\n \"AuditCredentialValidation\": {\r\n \"value\": \"[parameters('AuditCredentialValidation')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditCredentialValidation\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Credential Validation;ExpectedValue\",\r\n \"value\": \"[parameters('AuditCredentialValidation')]\"\r\n }\r\n 
]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Credential Validation;ExpectedValue\",\r\n \"value\": \"[parameters('AuditCredentialValidation')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1e289c0-ffad-475d-a924-adc058765d65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1503 - Information Security Architecture\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1503\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c1fa9c2f-d439-4ab9-8b83-81fb1934f81d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that are not set to the specified time zone\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that are not set to the specified time zone. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time zone\",\r\n \"description\": \"The expected time zone\"\r\n },\r\n \"allowedValues\": [\r\n \"(UTC-12:00) International Date Line West\",\r\n \"(UTC-11:00) Coordinated Universal Time-11\",\r\n \"(UTC-10:00) Aleutian Islands\",\r\n \"(UTC-10:00) Hawaii\",\r\n \"(UTC-09:30) Marquesas Islands\",\r\n \"(UTC-09:00) Alaska\",\r\n \"(UTC-09:00) Coordinated Universal Time-09\",\r\n \"(UTC-08:00) Baja California\",\r\n \"(UTC-08:00) Coordinated Universal Time-08\",\r\n \"(UTC-08:00) Pacific Time (US & Canada)\",\r\n \"(UTC-07:00) Arizona\",\r\n \"(UTC-07:00) Chihuahua, La Paz, Mazatlan\",\r\n \"(UTC-07:00) Mountain Time (US & Canada)\",\r\n \"(UTC-06:00) Central America\",\r\n \"(UTC-06:00) Central Time (US & Canada)\",\r\n \"(UTC-06:00) Easter Island\",\r\n \"(UTC-06:00) Guadalajara, Mexico City, Monterrey\",\r\n \"(UTC-06:00) Saskatchewan\",\r\n \"(UTC-05:00) Bogota, Lima, Quito, Rio Branco\",\r\n \"(UTC-05:00) Chetumal\",\r\n \"(UTC-05:00) Eastern Time (US & Canada)\",\r\n \"(UTC-05:00) Haiti\",\r\n \"(UTC-05:00) Havana\",\r\n \"(UTC-05:00) Indiana (East)\",\r\n \"(UTC-05:00) Turks and Caicos\",\r\n \"(UTC-04:00) Asuncion\",\r\n \"(UTC-04:00) Atlantic Time (Canada)\",\r\n \"(UTC-04:00) Caracas\",\r\n \"(UTC-04:00) Cuiaba\",\r\n \"(UTC-04:00) Georgetown, La Paz, Manaus, San Juan\",\r\n \"(UTC-04:00) Santiago\",\r\n \"(UTC-03:30) Newfoundland\",\r\n \"(UTC-03:00) Araguaina\",\r\n \"(UTC-03:00) Brasilia\",\r\n \"(UTC-03:00) Cayenne, Fortaleza\",\r\n \"(UTC-03:00) City of Buenos Aires\",\r\n \"(UTC-03:00) Greenland\",\r\n \"(UTC-03:00) Montevideo\",\r\n \"(UTC-03:00) Punta Arenas\",\r\n \"(UTC-03:00) Saint Pierre and Miquelon\",\r\n 
\"(UTC-03:00) Salvador\",\r\n \"(UTC-02:00) Coordinated Universal Time-02\",\r\n \"(UTC-02:00) Mid-Atlantic - Old\",\r\n \"(UTC-01:00) Azores\",\r\n \"(UTC-01:00) Cabo Verde Is.\",\r\n \"(UTC) Coordinated Universal Time\",\r\n \"(UTC+00:00) Dublin, Edinburgh, Lisbon, London\",\r\n \"(UTC+00:00) Monrovia, Reykjavik\",\r\n \"(UTC+00:00) Sao Tome\",\r\n \"(UTC+01:00) Casablanca\",\r\n \"(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna\",\r\n \"(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague\",\r\n \"(UTC+01:00) Brussels, Copenhagen, Madrid, Paris\",\r\n \"(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb\",\r\n \"(UTC+01:00) West Central Africa\",\r\n \"(UTC+02:00) Amman\",\r\n \"(UTC+02:00) Athens, Bucharest\",\r\n \"(UTC+02:00) Beirut\",\r\n \"(UTC+02:00) Cairo\",\r\n \"(UTC+02:00) Chisinau\",\r\n \"(UTC+02:00) Damascus\",\r\n \"(UTC+02:00) Gaza, Hebron\",\r\n \"(UTC+02:00) Harare, Pretoria\",\r\n \"(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius\",\r\n \"(UTC+02:00) Jerusalem\",\r\n \"(UTC+02:00) Kaliningrad\",\r\n \"(UTC+02:00) Khartoum\",\r\n \"(UTC+02:00) Tripoli\",\r\n \"(UTC+02:00) Windhoek\",\r\n \"(UTC+03:00) Baghdad\",\r\n \"(UTC+03:00) Istanbul\",\r\n \"(UTC+03:00) Kuwait, Riyadh\",\r\n \"(UTC+03:00) Minsk\",\r\n \"(UTC+03:00) Moscow, St. 
Petersburg\",\r\n \"(UTC+03:00) Nairobi\",\r\n \"(UTC+03:30) Tehran\",\r\n \"(UTC+04:00) Abu Dhabi, Muscat\",\r\n \"(UTC+04:00) Astrakhan, Ulyanovsk\",\r\n \"(UTC+04:00) Baku\",\r\n \"(UTC+04:00) Izhevsk, Samara\",\r\n \"(UTC+04:00) Port Louis\",\r\n \"(UTC+04:00) Saratov\",\r\n \"(UTC+04:00) Tbilisi\",\r\n \"(UTC+04:00) Volgograd\",\r\n \"(UTC+04:00) Yerevan\",\r\n \"(UTC+04:30) Kabul\",\r\n \"(UTC+05:00) Ashgabat, Tashkent\",\r\n \"(UTC+05:00) Ekaterinburg\",\r\n \"(UTC+05:00) Islamabad, Karachi\",\r\n \"(UTC+05:00) Qyzylorda\",\r\n \"(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi\",\r\n \"(UTC+05:30) Sri Jayawardenepura\",\r\n \"(UTC+05:45) Kathmandu\",\r\n \"(UTC+06:00) Astana\",\r\n \"(UTC+06:00) Dhaka\",\r\n \"(UTC+06:00) Omsk\",\r\n \"(UTC+06:30) Yangon (Rangoon)\",\r\n \"(UTC+07:00) Bangkok, Hanoi, Jakarta\",\r\n \"(UTC+07:00) Barnaul, Gorno-Altaysk\",\r\n \"(UTC+07:00) Hovd\",\r\n \"(UTC+07:00) Krasnoyarsk\",\r\n \"(UTC+07:00) Novosibirsk\",\r\n \"(UTC+07:00) Tomsk\",\r\n \"(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi\",\r\n \"(UTC+08:00) Irkutsk\",\r\n \"(UTC+08:00) Kuala Lumpur, Singapore\",\r\n \"(UTC+08:00) Perth\",\r\n \"(UTC+08:00) Taipei\",\r\n \"(UTC+08:00) Ulaanbaatar\",\r\n \"(UTC+08:45) Eucla\",\r\n \"(UTC+09:00) Chita\",\r\n \"(UTC+09:00) Osaka, Sapporo, Tokyo\",\r\n \"(UTC+09:00) Pyongyang\",\r\n \"(UTC+09:00) Seoul\",\r\n \"(UTC+09:00) Yakutsk\",\r\n \"(UTC+09:30) Adelaide\",\r\n \"(UTC+09:30) Darwin\",\r\n \"(UTC+10:00) Brisbane\",\r\n \"(UTC+10:00) Canberra, Melbourne, Sydney\",\r\n \"(UTC+10:00) Guam, Port Moresby\",\r\n \"(UTC+10:00) Hobart\",\r\n \"(UTC+10:00) Vladivostok\",\r\n \"(UTC+10:30) Lord Howe Island\",\r\n \"(UTC+11:00) Bougainville Island\",\r\n \"(UTC+11:00) Chokurdakh\",\r\n \"(UTC+11:00) Magadan\",\r\n \"(UTC+11:00) Norfolk Island\",\r\n \"(UTC+11:00) Sakhalin\",\r\n \"(UTC+11:00) Solomon Is., New Caledonia\",\r\n \"(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky\",\r\n \"(UTC+12:00) Auckland, Wellington\",\r\n 
\"(UTC+12:00) Coordinated Universal Time+12\",\r\n \"(UTC+12:00) Fiji\",\r\n \"(UTC+12:00) Petropavlovsk-Kamchatsky - Old\",\r\n \"(UTC+12:45) Chatham Islands\",\r\n \"(UTC+13:00) Coordinated Universal Time+13\",\r\n \"(UTC+13:00) Nuku'alofa\",\r\n \"(UTC+13:00) Samoa\",\r\n \"(UTC+14:00) Kiritimati Island\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n 
}\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsTimeZone\",\r\n \"existenceCondition\": {\r\n 
\"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[WindowsTimeZone]WindowsTimeZone1;TimeZone', '=', parameters('TimeZone')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsTimeZone\"\r\n },\r\n \"TimeZone\": {\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"TimeZone\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[WindowsTimeZone]WindowsTimeZone1;TimeZone\",\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c21f7060-c148-41cf-a68b-0ab3e14c764c\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs on which the specified services are not installed and 'Running'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines on which the specified services are not installed and 'Running'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n 
\"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsServiceStatus\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that '.Net Framework' version is the latest, if used as a part of the API app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. Using the latest .Net framework version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.netFrameworkVersion\",\r\n \"in\": [\r\n \"v3.0\",\r\n 
\"v4.0\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c2e7ca55-f62c-49b2-89a4-d41eb661d2f0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1176 - Baseline Configuration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1176\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c30690a5-7bf3-467f-b0cd-ef5c7c7449cd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1389 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1389\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c39e6fda-ae70-4891-a739-be7bba6d1062\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1390\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c3b65b63-09ec-4cb5-8028-7dd324d10eb0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"System updates on virtual machine scale sets should be installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine scale sets are secure.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n 
\"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"SystemUpdates\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c3f317a7-a95c-4547-b7e7-11017ebdf2fe\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Linux VMs that have accounts without passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid232\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1220\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c40f31a7-81e1-4130-99e5-a02ceea2a1d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1513 - Personnel Screening | Information With Special Protection Measures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1513\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c416970d-b12b-49eb-8af4-fb144cd7c290\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Antimalware for Azure should be configured to automatically update protection signatures\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows virtual machine not configured with automatic update of Microsoft Antimalware protection signatures.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"equals\": \"Windows\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"IaaSAntimalware\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Security\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c43e4a30-77cb-48ab-a4dd-93f175c63b57\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Container Registry should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Container Registry not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerRegistry/registries\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerRegistry/registries/networkRuleSet.defaultAction\",\r\n \"notEquals\": \"Deny\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerRegistry/registries/networkRuleSet.virtualNetworkRules[*].action\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c4857be7-912a-4c75-87e6-e30292bcdf78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1235 - Software Usage Restrictions\",\r\n \"policyType\": 
\"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1235\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c49c610b-ece4-44b3-988c-2172b70d6e46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1173 - Internal System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1173\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c4aff9e7-2e60-46fa-86be-506b79033fc5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Managed identity should be used in your API App\",\r\n 
\"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Authentication should be enabled on your API app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": 
\"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthEnabled\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c4ebc54a-46e1-481a-bee2-d4411e95d828\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1600 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1600\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c53f3123-d233-44a7-930b-f40d3bfeb7d6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1408\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c5f56ac6-4bb2-4086-bc41-ad76344ba2c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that contain certificates expiring within the specified number of days. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"CertificateStorePath\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate store path\",\r\n \"description\": \"The path to the certificate store containing the certificates to check the expiration dates of. 
Default value is 'Cert:' which is the root certificate store path, so all certificates on the machine will be checked. Other example paths: 'Cert:\\\\LocalMachine', 'Cert:\\\\LocalMachine\\\\TrustedPublisher', 'Cert:\\\\CurrentUser'\"\r\n },\r\n \"defaultValue\": \"Cert:\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expiration limit in days\",\r\n \"description\": \"An integer indicating the number of days within which to check for certificates that are expiring. For example, if this value is 30, any certificate expiring within the next 30 days will cause this policy to be non-compliant.\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to include\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to check under the specified path. If a value is not specified, all certificates under the certificate store path will be checked. If a value is specified, no certificates other than those with the thumbprints specified will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to exclude\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Include expired certificates\",\r\n \"description\": \"Must be 'true' or 'false'. True indicates that any found certificates that have already expired will also make this policy non-compliant. 
False indicates that certificates that have expired will be be ignored.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"CertificateExpiration\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": 
\"[base64(concat('[CertificateStore]CertificateStore1;CertificateStorePath', '=', parameters('CertificateStorePath'), ',', '[CertificateStore]CertificateStore1;ExpirationLimitInDays', '=', parameters('ExpirationLimitInDays'), ',', '[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude', '=', parameters('CertificateThumbprintsToInclude'), ',', '[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude', '=', parameters('CertificateThumbprintsToExclude'), ',', '[CertificateStore]CertificateStore1;IncludeExpiredCertificates', '=', parameters('IncludeExpiredCertificates')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"CertificateExpiration\"\r\n },\r\n \"CertificateStorePath\": {\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"CertificateStorePath\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExpirationLimitInDays\": 
{\r\n \"type\": \"string\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"type\": \"string\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"type\": \"string\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateStorePath\",\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;ExpirationLimitInDays\",\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;IncludeExpiredCertificates\",\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', 
parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateStorePath\",\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;ExpirationLimitInDays\",\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToInclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;CertificateThumbprintsToExclude\",\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n {\r\n \"name\": \"[CertificateStore]CertificateStore1;IncludeExpiredCertificates\",\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n 
\"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c5fbc59e-fb6f-494f-81e2-d99a671bdaa8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1670 - Flaw Remediation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1670\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6108469-57ee-4666-af7e-79ba61c7ae0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1190 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1190\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c66a3d1e-465b-4f28-9da5-aef701b59892\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration / Scanning And Monitoring Capabilities\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1120\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c69b870e-857b-458b-af02-bb234f7a00d3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1125 - Audit Reduction And Report Generation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1125\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1619 - Information In Shared Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1619\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c722e569-cb52-45f3-a643-836547d016e1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation With Physical Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n 
\"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1121\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Authentication should be enabled on your Function app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the Function app, or authenticate those that have tokens before they reach the Function app\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/siteAuthEnabled\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1353 - Incident Response Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1353\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c785ad59-f78f-44ad-9a7f-d1202318c748\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL server advanced data security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit that 'email notification to admins and subscription owners' is enabled in the SQL server advanced threat protection settings. 
This ensures that any detections of anomalous activities on SQL server are reported as soon as possible to the admins.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/emailAccountAdmins\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Batch Account to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Batch Account to stream to a regional Log Analytics workspace when any Batch Account which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n 
\"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Batch/batchAccounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ServiceLog\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": 
{\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c84e5349-db6d-4769-805e-e14037dab9b5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: API App should only be accessible over HTTPS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"api\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"apiApp\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"OnlyHttpsForApiApp\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c85538c1-b527-4ce4-bdb4-1dabcb3fd90d\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1470 - Emergency Shutoff\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1470\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c89ba09f-2e0f-44d0-8095-65b05bd151ef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Interactive Logon'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Interactive Logon'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c8abcef9-fc26-482f-b8db-5fa60ee4586d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1018 - Account Management | Role-Based Schemes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1018\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9121abf-e698-4ee9-b1cf-71ee528ff07f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Data Lake Analytics should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Data Lake\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c95c74d9-38fe-4f0d-af86-0c7d626a315c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'User Rights Assignment'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'User Rights Assignment'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_UserRightsAssignment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c961dac9-5916-42e8-8fb1-703148323994\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs with a pending reboot\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with a pending reboot. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n 
\"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPendingReboot\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": 
\"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsPendingReboot\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n 
\"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c96f3246-4382-4264-bf6b-af0b35e23c3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy automatically deploys diagnostic settings to network security groups. 
A storage account with name '{storagePrefixParameter}{NSGLocation}' will be automatically created.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account\",\r\n \"description\": \"This prefix will be combined with the network security group location to form the created storage account name.\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist)\",\r\n \"description\": \"The resource group that the storage account will be created in. This resource group must already exist.\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setbypolicy\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n },\r\n \"nsgName\": {\r\n \"type\": \"string\"\r\n },\r\n \"rgName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"storageDeployName\": \"[concat('policyStorage_', uniqueString(parameters('location'), parameters('nsgName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n 
\"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"name\": \"[concat(parameters('nsgName'),'/Microsoft.Insights/setbypolicy')]\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [\r\n \"[variables('storageDeployName')]\"\r\n ],\r\n \"properties\": {\r\n \"storageAccountId\": \"[reference(variables('storageDeployName')).outputs.storageAccountId.value]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": true,\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"apiVersion\": \"2017-05-10\",\r\n \"name\": \"[variables('storageDeployName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('rgName')]\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-06-01\",\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"name\": \"[concat(parameters('storageprefix'), parameters('location'))]\",\r\n \"sku\": {\r\n \"name\": \"Standard_LRS\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"kind\": \"Storage\",\r\n \"location\": \"[parameters('location')]\",\r\n \"tags\": {\r\n \"created-by\": \"policy\"\r\n },\r\n \"scale\": null,\r\n \"properties\": {\r\n 
\"networkAcls\": {\r\n \"bypass\": \"AzureServices\",\r\n \"defaultAction\": \"Allow\",\r\n \"ipRules\": [],\r\n \"virtualNetworkRules\": []\r\n },\r\n \"supportsHttpsTrafficOnly\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"storageAccountId\": {\r\n \"type\": \"string\",\r\n \"value\": \"[resourceId(parameters('rgName'), 'Microsoft.Storage/storageAccounts',concat(parameters('storagePrefix'), parameters('location')))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('storagePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('rgName')]\"\r\n },\r\n \"nsgName\": {\r\n \"value\": \"[field('name')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Storage accounts should allow access from trusted Microsoft services\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Some Microsoft services that interact with storage accounts operate from networks that can't be granted access through network rules. To help this type of service work as intended, allow the set of trusted Microsoft services to bypass the network rules. 
These services will then use strong authentication to access the storage account.\",\r\n \"metadata\": {\r\n \"category\": \"Storage\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\r\n \"notContains\": \"AzureServices\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"c9d007d0-c057-4772-b18c-01e546713bcd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1035\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca94b046-45e2-444f-a862-dc8ce262a516\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1243\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ca9a4469-d6df-4ab2-a42f-1213c396f0ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1306 - Identification And Authentication (Org. Users) | Net. Access To Priv. Accts. 
- Replay\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1306\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Remote debugging should be turned off for Web Applications\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on a web application. 
Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.remoteDebuggingEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb510bfd-1cba-4d9f-a230-cb0976f4bb71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1486 - Alternate Work Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1486\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cb790345-a51f-43de-934e-98dbfaf9dca5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1167 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1167\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cbb2be76-4891-430b-95a7-ca0b0a3d1300\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1374 - Incident Response Assistance\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1374\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cc5c8616-52ef-4e5e-8000-491634ed9249\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs in which the Administrators group does not contain only the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n 
},\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembers\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cc7cda28-f867-4311-8497-a526129a8d19\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Sensitive data in your SQL databases should be classified\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Azure Security Center monitors the data discovery and classification scan results for your SQL databases and provides recommendations to classify the sensitive data in your databases for better monitoring and security\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedInstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlDataClassification\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed virtual machine SKUs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.\",\r\n \"metadata\": {\r\n \"category\": \"Compute\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedSKUs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of SKUs that can be specified for virtual machines.\",\r\n \"displayName\": \"Allowed SKUs\",\r\n \"strongType\": \"VMSKUs\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": \"[parameters('listOfAllowedSKUs')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cccc23c7-8427-4f53-ad12-b6a63eb452b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1443 - Media Use\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1443\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd0ec6fa-a2e7-4361-aee4-a8688659a9ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit a tag from the resource group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Adds or replaces the specified tag and value from the parent resource group when any resource is created or updated. Existing resources can be remediated by triggering a remediation task.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[resourceGroup().tags[parameters('tagName')]]\"\r\n },\r\n {\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\",\r\n \"notEquals\": \"\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": 
\"[resourceGroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd3aa116-8754-49c9-a813-ad46512ece54\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd3aa116-8754-49c9-a813-ad46512ece54\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation if 'department' tag set\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation only if the 'department' tag is set\",\r\n \"metadata\": {\r\n \"category\": \"Tags\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags\",\r\n \"containsKey\": \"department\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd8dc879-a2ae-43c3-8211-1877c5755064\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1582 - Information System Documentation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1582\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cd9e2f38-259b-462c-bfad-0ad7ab4e65c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that allow re-use of the previous 24 passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that allow re-use of the previous 24 passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"EnforcePasswordHistory\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1104 - Audit Events\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1104\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cdd8d244-18b2-4306-a1d1-df175ae0935f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration 
assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Privilege Use'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n 
\"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n 
\"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesPrivilegeUse\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n 
\"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ce2370f6-0ac5-4d85-8ab4-10721cc640b0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1209 - Configuration Settings\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1209\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ce669c31-9103-4552-ae9c-cdef4e03580d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1242\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf3b3293-667a-445e-a722-fa0b0afc0958\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1097 - Role-Based Security Training | Suspicious Communications And Anomalous System Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": 
{\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1097\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf3e4836-f19e-47eb-a8cd-c3ca150452c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1424\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf55fc87-48e1-4676-a2f8-d9a8cf993283\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Key Vault should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. 
This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
},\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cf820ca0-f99e-4f3e-84fb-66e913812d21\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1292\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d03516cf-0293-489f-9b32-a18f2a79f836\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1724 - Error Handling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1724\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d07594d1-0307-4c08-94db-5d71ff31f0f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1084 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1084\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Add or replace a tag on resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Adds or replaces the specified tag and value when any resource group is created or updated. 
Existing resource groups can be remediated by triggering a remediation task.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n },\r\n \"tagValue\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Value\",\r\n \"description\": \"Value of the tag, such as 'production'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"notEquals\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[parameters('tagValue')]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d157c373-a6c4-483d-aaad-570756956268\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce SSL connection should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any PostgreSQL server that is not enforcing SSL connection. Azure Database for PostgreSQL prefers connecting your client applications to the PostgreSQL service using Secure Sockets Layer (SSL). 
Enforcing SSL connections between your database server and your client applications helps protect against 'man-in-the-middle' attacks by encrypting the data stream between the server and your application\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d158790f-bfb0-486c-8631-2dc6b4e8e6af\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1620 - Denial Of Service Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1620\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d17c826b-1dec-43e1-a984-7b71c446649c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1409\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1880188-e51a-4772-b2ab-68f5e8bd27f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Function Apps that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a Function app from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n 
\"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"functionapp,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1cb47db-b7a1-4c46-814e-aad1c0e84f3c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1195 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1195\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d1e1d65c-1013-4484-bd54-991332e6a0d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1721 - Spam Protection | Central Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1721\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1106 - Audit Events | Reviews And Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1106\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d2b4feae-61ab-423f-a4c5-0e38ac4464d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1030\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d3531453-b869-4606-9122-29c1cd6e7ed1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsDscConfiguration\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n 
\"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsDscConfiguration\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d38b4c26-9d2e-47d7-aefe-18d859a8706a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Long-term geo-redundant backup should be enabled for Azure SQL Databases\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Azure SQL Database with long-term geo-redundant backup not enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n 
\"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers/databases\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/weeklyRetention\",\r\n \"notEquals\": \"PT0S\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/monthlyRetention\",\r\n \"notEquals\": \"PT0S\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies/yearlyRetention\",\r\n \"notEquals\": \"PT0S\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d38fc420-0735-4ef3-ac11-c806f651a570\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1641\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d39d4f68-7346-4133-8841-15318a714a24\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1249 - Contingency Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1249\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d3bf4251-0818-42db-950b-afd5b25a51c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1562 - Allocation Of Resources\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1562\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d4142013-7964-4163-a313-a900301c2cef\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Virtual machines should be connected to an approved virtual network\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any virtual machine connected to a virtual network that is not approved.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"The effect determines what happens when the policy rule is evaluated to match\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"virtualNetworkId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual network Id\",\r\n \"description\": \"Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/networkInterfaces/ipconfigurations[*].subnet.id\",\r\n \"like\": \"[concat(parameters('virtualNetworkId'),'/*')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d416745a-506c-48b6-8ab1-83cb814bcaa3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1383 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1383\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d4558451-e16a-4d2d-a066-fe12a6282bb9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1112 - Response To Audit Processing Failures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1112\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d530aad8-4ee2-45f4-b234-c061dae683c0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n 
\"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_logAnalytics\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeAnalytics/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": 
{\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeAnalytics/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\"\r\n },\r\n {\r\n \"properties\": 
{\r\n \"displayName\": \"Microsoft Managed Control 1585 - Security Engineering Principles\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1585\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d57f8732-5cdc-4cda-8d27-ab148e1f3a55\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1667 - System And Information Integrity Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1667\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"d61880dc-6e38-4f2a-a30c-3406a98f8220\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1150 - Security Assessments | External Organizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1150\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d630429d-e763-40b1-8fba-d20ba7314afb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Event Hub should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Event Hub not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": 
\"Microsoft.EventHub/namespaces/virtualNetworkRules\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.EventHub/namespaces/virtualNetworkRules/virtualNetworkSubnetId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d63edb4a-c612-454d-b47d-191a724fcbf0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1549 - Vulnerability Scanning\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1549\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d6976a08-d969-4df2-bb38-29556c2eb48a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1473 - Emergency Power\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1473\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7047705-d719-46a7-8bb0-76ad233eba71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1529 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1529\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d74fdc92-1cb8-4a34-9978-8556425cd14c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1350 - Identification And Authentication (Non-Org. 
Users) | Use Of FICAM-Issued Profiles\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1350\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d77fd943-6ba6-4a21-ba07-22b03e347cc4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows Server VMs on which Windows Serial Console is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows Server virtual machines on which Windows Serial Console is not enabled. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsSerialConsole\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1016 - Account Management | Automated Audit Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1016\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d8b43277-512e-40c3-ab00-14b3b6e72238\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1488 - Alternate Work Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1488\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d8ef30eb-a44f-47af-8524-ac19a36d41d2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1577 - Acquisition Process | Continuous Monitoring Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1577\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d922484a-8cfc-4a6b-95a4-77d6a685407f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1271\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da3bfb53-9c46-4010-b3db-a7ba1296dada\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1516 - Personnel Termination\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1516\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"da3cd269-156f-435b-b472-c3af34c032ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Batch Account to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Batch Account to stream to a regional Event Hub when any Batch Account which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n 
},\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Batch/batchAccounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": 
\"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Batch/batchAccounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ServiceLog\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n 
\"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/db51110f-0865-4a6e-b274-e2e07a5b2cd7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"db51110f-0865-4a6e-b274-e2e07a5b2cd7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1277\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dc43e829-3d50-4a0a-aa0f-428d551862aa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1439 - Media Sanitization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1439\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n 
\"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dce72873-c5f1-47c3-9b4f-6b8207fd5a45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1264\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd280d4b-50a1-42fb-a479-ece5878acf19\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using custom domains\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use of custom domains protects a web application from common attacks such as phishing and other DNS-related attacks.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of 
the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UsedCustomDomains\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd2ea520-6b06-45c3-806e-ea297c23e06a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd2ea520-6b06-45c3-806e-ea297c23e06a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'System Audit Policies - Policy Change'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - Policy Change'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd4680ed-0559-4a6a-ad10-081d14cbb484\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1715 - Software, Firmware, And Information Integrity | Automated Response To Integrity Violations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1715\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd469ae0-71a8-4adc-aafc-de6949ca3339\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1678 - Malicious Code Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1678\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n 
]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd533cb0-b416-4be7-8e86-4d154824dfd7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1391 - Information Spillage Response | Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1391\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd6ac1a1-660e-4810-baa8-74e868e2ed47\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1146 - Security Assessments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1146\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dd83410c-ecb6-4547-8f14-748c3cbdc7ac\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1602 - Developer Security Testing And Evaluation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1602\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ddae2e97-a449-499f-a1c8-aea4a7e52ec9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Settings - Account Policies'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Settings - Account Policies'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ddb53c61-9db4-41d4-a953-2abff5b66c12\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Recovery console'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery console: Allow floppy copy and access to all drives and all folders\",\r\n \"description\": \"Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n 
\"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": 
[\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Recovery console: Allow floppy copy and access to all drives and all folders;ExpectedValue', '=', parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsRecoveryconsole\"\r\n },\r\n 
\"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Recovery console: Allow floppy copy and access to all drives and all folders;ExpectedValue\",\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": 
\"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Recovery console: Allow floppy copy and access to all drives and all folders;ExpectedValue\",\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1689 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": 
\"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1689\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"de901f2f-a01a-4456-97f0-33cda7966172\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1528 - Access Agreements\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1528\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"deb9797c-22f8-40e8-b342-a84003c924e6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status\",\r\n \"policyType\": \"Static\",\r\n \"mode\": 
\"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1673\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"dff0b90d-5a6f-491c-b2f8-b90aa402d844\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Allow resource creation only in Japan data centers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Allows resource creation in the following locations only: Japan East, Japan West\",\r\n \"metadata\": {\r\n \"category\": \"General\",\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": [\r\n \"japaneast\",\r\n \"japanwest\"\r\n ]\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"Deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e01598e8-6538-41ed-95e8-8b29746cd697\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Cosmos DB should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Cosmos DB not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n 
\"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DocumentDB/databaseAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DocumentDB/databaseAccounts/virtualNetworkRules[*].id\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1206\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e0de232d-02a0-4652-872d-88afb4ae5e91\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell execution policy\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ExecutionPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Execution Policy\",\r\n \"description\": \"The expected PowerShell execution policy.\"\r\n },\r\n \"allowedValues\": [\r\n \"AllSigned\",\r\n \"Bypass\",\r\n \"Default\",\r\n \"RemoteSigned\",\r\n \"Restricted\",\r\n \"Undefined\",\r\n \"Unrestricted\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsPowerShellExecutionPolicy\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy', '=', parameters('ExecutionPolicy')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"WindowsPowerShellExecutionPolicy\"\r\n },\r\n \"ExecutionPolicy\": {\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n 
\"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ExecutionPolicy\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy\",\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[PowerShellExecutionPolicy]PowerShellExecutionPolicy1;ExecutionPolicy\",\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n 
},\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e0efc13a-122a-47c5-b817-2ccfe5d12615\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1714 - Software, Firmware, And Information Integrity | Automated Notifications Of Integrity Violations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1714\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e12494fa-b81e-4080-af71-7dbacc2da0ec\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1686 - Information System Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1686\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e17085c5-0be8-4423-b39b-a52d3d1402e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1722 - Spam Protection | Automatic Updates\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1722\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1da06bd-25b6-4127-a301-c313d6873fff\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your machines should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"osVulnerabilities\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1047 - System Use Notification\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1047\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1276\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e214e563-1206-4a43-a56b-ac5880c9c571\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1560 - System And Services Acquisition Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft 
implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1560\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e29e0915-5c2f-4d09-8806-048b749ad763\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that 'HTTP Version' is the latest, if used to run the Function app\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. 
Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.http20Enabled\",\r\n \"equals\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2c1c086-2d84-4019-bff3-c44ccd95113c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Reports VMSS as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. 
The list of OS images will be updated over time as support is updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n {\r\n \"not\": {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageId\",\r\n \"in\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"2008-R2-SP1\",\r\n \"2008-R2-SP1-smalldisk\",\r\n \"2012-Datacenter\",\r\n \"2012-Datacenter-smalldisk\",\r\n \"2012-R2-Datacenter\",\r\n \"2012-R2-Datacenter-smalldisk\",\r\n \"2016-Datacenter\",\r\n \"2016-Datacenter-Server-Core\",\r\n \"2016-Datacenter-Server-Core-smalldisk\",\r\n \"2016-Datacenter-smalldisk\",\r\n 
\"2016-Datacenter-with-Containers\",\r\n \"2016-Datacenter-with-RDSH\",\r\n \"2019-Datacenter\",\r\n \"2019-Datacenter-Core\",\r\n \"2019-Datacenter-Core-smalldisk\",\r\n \"2019-Datacenter-Core-with-Containers\",\r\n \"2019-Datacenter-Core-with-Containers-smalldisk\",\r\n \"2019-Datacenter-smalldisk\",\r\n \"2019-Datacenter-with-Containers\",\r\n \"2019-Datacenter-with-Containers-smalldisk\",\r\n \"2019-Datacenter-zhcn\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerSemiAnnual\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"Datacenter-Core-1709-smalldisk\",\r\n \"Datacenter-Core-1709-with-Containers-smalldisk\",\r\n \"Datacenter-Core-1803-with-Containers-smalldisk\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServerHPCPack\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"WindowsServerHPCPack\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2016-BYOL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"*-WS2012R2-BYOL\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftRServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"MLServer-WS2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftVisualStudio\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"VisualStudio\",\r\n \"Windows\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftDynamicsAX\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Dynamics\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"equals\": \"Pre-Req-AX7-Onebox-U8\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"windows-data-science-vm\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsDesktop\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Windows-10\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"RHEL\",\r\n \"RHEL-SAP-HANA\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"SUSE\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"SLES\",\r\n \"SLES-HPC\",\r\n \"SLES-HPC-Priority\",\r\n \"SLES-SAP\",\r\n \"SLES-SAP-BYOS\",\r\n \"SLES-Priority\",\r\n \"SLES-BYOS\",\r\n \"SLES-SAPCAL\",\r\n \"SLES-Standard\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"12-SP2\",\r\n 
\"12-SP3\",\r\n \"12-SP4\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"14.04.0-LTS\",\r\n \"14.04.1-LTS\",\r\n \"14.04.5-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"16.04-LTS\",\r\n \"16.04.0-LTS\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"in\": [\r\n \"18.04-LTS\"\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"Centos\",\r\n \"Centos-LVM\",\r\n \"CentOS-SRIOV\"\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"like\": \"7*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.Azure.Monitoring.DependencyAgent\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2dd799a-a932-4e9d-ac17-d473bc3c6c10\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1161 - Continuous Monitoring\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1161\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1387 - Information Spillage Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1387\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c\",\r\n 
\"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3007185-3857-43a9-8237-06ca94f1084c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1479 - Fire Protection | Automatic Fire Suppression\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1479\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e327b072-281d-4f75-9c28-4216e5d72f26\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Azure VPN gateways should not use 'basic' SKU\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy ensures that VPN gateways do not use 'basic' SKU.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/gatewayType\",\r\n 
\"equals\": \"Vpn\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/sku.tier\",\r\n \"equals\": \"Basic\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e345b6c3-24bd-4c93-9bbb-7e5e49a17b78\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"MFA should be enabled on accounts with read permissions on your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"EnableMFAForReadPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3576e28-8b17-4677-84c3-db2990658d64\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: 
Show audit results from Windows VMs configurations in 'Security Options - Shutdown'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Shutdown'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n 
\"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsShutdown\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3a77a94-cf41-4ee8-b45c-98be28841c03\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Settings - Account Policies'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Settings - Account Policies'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"EnforcePasswordHistory\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enforce password history\",\r\n \"description\": \"Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated.\"\r\n },\r\n \"defaultValue\": \"24\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Maximum password age\",\r\n \"description\": \"Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,70\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password age\",\r\n \"description\": \"Specifies the minimum number of days that must elapse before a user account password can be changed.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password length\",\r\n \"description\": \"Specifies the minimum number of characters that a user account password may contain.\"\r\n },\r\n \"defaultValue\": \"14\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Password must meet complexity requirements\",\r\n \"description\": \"Specifies whether a user account password must be complex. 
If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"existenceCondition\": {\r\n \"field\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Enforce password history;ExpectedValue', '=', parameters('EnforcePasswordHistory'), ',', 'Maximum password age;ExpectedValue', '=', parameters('MaximumPasswordAge'), ',', 'Minimum password age;ExpectedValue', '=', parameters('MinimumPasswordAge'), ',', 'Minimum password length;ExpectedValue', '=', parameters('MinimumPasswordLength'), ',', 'Password must meet complexity requirements;ExpectedValue', '=', parameters('PasswordMustMeetComplexityRequirements')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecuritySettingsAccountPolicies\"\r\n },\r\n \"EnforcePasswordHistory\": {\r\n \"value\": \"[parameters('EnforcePasswordHistory')]\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"value\": \"[parameters('MaximumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"value\": \"[parameters('MinimumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"value\": \"[parameters('MinimumPasswordLength')]\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"value\": \"[parameters('PasswordMustMeetComplexityRequirements')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"EnforcePasswordHistory\": {\r\n \"type\": \"string\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"type\": \"string\"\r\n 
},\r\n \"MinimumPasswordAge\": {\r\n \"type\": \"string\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"type\": \"string\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Enforce password history;ExpectedValue\",\r\n \"value\": \"[parameters('EnforcePasswordHistory')]\"\r\n },\r\n {\r\n \"name\": \"Maximum password age;ExpectedValue\",\r\n \"value\": \"[parameters('MaximumPasswordAge')]\"\r\n },\r\n {\r\n \"name\": \"Minimum password age;ExpectedValue\",\r\n \"value\": \"[parameters('MinimumPasswordAge')]\"\r\n },\r\n {\r\n \"name\": \"Minimum password length;ExpectedValue\",\r\n \"value\": \"[parameters('MinimumPasswordLength')]\"\r\n },\r\n {\r\n \"name\": \"Password must meet complexity requirements;ExpectedValue\",\r\n \"value\": \"[parameters('PasswordMustMeetComplexityRequirements')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": 
\"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Enforce password history;ExpectedValue\",\r\n \"value\": \"[parameters('EnforcePasswordHistory')]\"\r\n },\r\n {\r\n \"name\": \"Maximum password age;ExpectedValue\",\r\n \"value\": \"[parameters('MaximumPasswordAge')]\"\r\n },\r\n {\r\n \"name\": \"Minimum password age;ExpectedValue\",\r\n \"value\": \"[parameters('MinimumPasswordAge')]\"\r\n },\r\n {\r\n \"name\": \"Minimum password length;ExpectedValue\",\r\n \"value\": \"[parameters('MinimumPasswordLength')]\"\r\n },\r\n {\r\n \"name\": \"Password must meet complexity requirements;ExpectedValue\",\r\n \"value\": \"[parameters('PasswordMustMeetComplexityRequirements')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n 
}\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3d95ab7-f47a-49d8-a347-784177b6c94c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1451 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1451\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e3f1e5a3-25c1-4476-8cb6-3955031f8e65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1357\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n 
\"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e4213689-05e8-4241-9d4e-8dd1cdafd105\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - User Account Control'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Admin Approval Mode for the Built-in Administrator account\",\r\n \"description\": \"Specifies the behavior of Admin Approval Mode for the built-in Administrator account.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of the elevation prompt for administrators.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Detect application installations and prompt for elevation\",\r\n \"description\": \"Specifies the behavior of application installation detection for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Run all administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of all User Account Control (UAC) policy settings for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n 
\"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": 
\"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsUserAccountControl\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('User Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue', '=', parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount'), ',', 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode;ExpectedValue', '=', parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode'), ',', 'User Account Control: Detect application installations and prompt for elevation;ExpectedValue', '=', parameters('UACDetectApplicationInstallationsAndPromptForElevation'), ',', 'User Account Control: Run all administrators in Admin Approval Mode;ExpectedValue', '=', parameters('UACRunAllAdministratorsInAdminApprovalMode')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsUserAccountControl\"\r\n },\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"value\": \"[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"value\": \"[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n 
\"value\": \"[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"value\": \"[parameters('UACRunAllAdministratorsInAdminApprovalMode')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"User Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue\",\r\n \"value\": \"[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode;ExpectedValue\",\r\n \"value\": 
\"[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Detect application installations and prompt for elevation;ExpectedValue\",\r\n \"value\": \"[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Run all administrators in Admin Approval Mode;ExpectedValue\",\r\n \"value\": \"[parameters('UACRunAllAdministratorsInAdminApprovalMode')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"User Account Control: Admin Approval Mode for the Built-in Administrator account;ExpectedValue\",\r\n \"value\": \"[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode;ExpectedValue\",\r\n \"value\": \"[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Detect application installations and prompt for elevation;ExpectedValue\",\r\n \"value\": \"[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]\"\r\n },\r\n {\r\n \"name\": \"User Account Control: Run all administrators in Admin Approval Mode;ExpectedValue\",\r\n \"value\": \"[parameters('UACRunAllAdministratorsInAdminApprovalMode')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n 
{\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e425e402-a050-45e5-b010-bd3f934589fc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1340 - Authenticator Management | No Embedded Unencrypted Static Authenticators\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1340\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e51ff84b-e5ea-408f-b651-2ecc2933e4c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1381 - Incident Response Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1381\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e5368258-9684-4567-8126-269f34e65eab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1421 - Maintenance Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1421\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": 
[\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e539caaa-da8c-41b8-9e1e-449851e2f7a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1716 - Software, Firmware, And Information Integrity | Integration Of Detection And Response\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1716\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e54c325e-42a0-4dcf-b105-046e0f6f590f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1023 - Account Management | Usage Conditions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1023\"\r\n },\r\n \"policyRule\": {\r\n 
\"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e55698b6-3dea-4aa9-99b9-d8218c6ab6e5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that can be specified when deploying resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notEquals\": \"global\"\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"notEquals\": \"Microsoft.AzureActiveDirectory/b2cDirectories\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e56962a6-4747-49cd-b67b-bf8b01975c4c\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1296\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e57b98a0-a011-4956-a79d-5d17ed8b8e48\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1499 - Rules Of Behavior\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1499\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e59671ab-9720-4ee2-9c60-170e8c82251e\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Accounts'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AccountsGuestAccountStatus\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Accounts: Guest account status\",\r\n \"description\": \"Specifies whether the local Guest account is disabled.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsAccounts\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Accounts: Guest account status;ExpectedValue', '=', parameters('AccountsGuestAccountStatus')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsAccounts\"\r\n },\r\n \"AccountsGuestAccountStatus\": {\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AccountsGuestAccountStatus\": {\r\n \"type\": 
\"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Accounts: Guest account status;ExpectedValue\",\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Accounts: Guest account status;ExpectedValue\",\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n 
\"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e5b81f87-9185-4224-bf00-9f505e9f89f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Applications that are not using latest supported Node.js Framework\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Use the latest supported Node.js version for the latest security classes. 
Using older classes and types can make your application vulnerable.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"UseLatestNodeJS\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e67687e8-08d5-4e7f-8226-5b4753bba008\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e67687e8-08d5-4e7f-8226-5b4753bba008\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access To Information Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1465\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e6e41554-86b5-4537-9f7f-4fc41a1d1640\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Subnets should be associated with a Network Security Group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Protect your subnet from potential threats by restricting access to it with a Network Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your subnet.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"networkSecurityGroupsOnSubnets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"e71308d3-144b-4262-b144-efdc3cc90517\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1567 - System Development Life Cycle\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1567\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e72edbf6-aa61-436d-a227-0f32b77194b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1311 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1311\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7568697-0c9e-4ea3-9cec-9e567d14f3c6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/securityAlertPolicies\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]\",\r\n \"equals\": \"\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e756b945-1b1b-480b-8de8-9a0859d5f7ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1154 - System Interconnections | Unclassified Non-National Security System Connections\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1154\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Allowed locations for resource groups\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.\",\r\n \"metadata\": {\r\n \"category\": \"General\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"The list of locations that resource groups can be created in.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"Allowed locations\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n },\r\n {\r\n \"field\": \"location\",\r\n \"notIn\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e765b5de-1225-4ba3-bd56-1ac6695af988\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1273 - Alternate 
Processing Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1273\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e77fcbf2-a1e8-44f1-860e-ed6583761e65\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Deprecated]: Audit Web Sockets state for a Web Application\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"The Web Sockets protocol is vulnerable to different types of security threats. 
Use of Web Sockets within a web application must be carefully reviewed.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true,\r\n \"deprecated\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.Web/sites\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"WebApp\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"equals\": \"app,linux,container\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"DisableWebSockets\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e797f851-8be7-4c40-bb56-2e3395215b0e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e797f851-8be7-4c40-bb56-2e3395215b0e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1169 - Continuous Monitoring | Trend Analyses\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1169\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e7ba2cb3-5675-4468-8b50-8486bdd998a5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Enforce SSL connection should be enabled for MySQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any MySQL server that is not enforcing SSL connection. Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). 
Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforMySQL/servers\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\r\n \"notEquals\": \"Enabled\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e802a67a-daf5-4436-9ea6-f6d821dd0c5d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1237\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e80b6812-0bfa-4383-8223-cdd86a46a890\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities in container security configurations should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit vulnerabilities in security configuration on machines with Docker installed and display as recommendations in Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"ContainerBenchmark\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e8cbc669-f12d-49eb-93e7-9273119e9933\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Data Lake Storage Gen1 to stream to a regional Event Hub when any Data Lake Storage Gen1 which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DataLakeStore/accounts\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": 
{\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DataLakeStore/accounts/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Audit\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Requests\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e8d096bc-85de-4c5f-8cfb-857bd1b9d62d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1626 - 
Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1626\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e8f6bddd-6d67-439a-88d4-c5fe39a79341\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1502\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e901375c-8f01-4ac8-9183-d5312f47fe63\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1723 - Information Input Validation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1723\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e91927a0-ac1d-44a0-95f8-5185f9dfce9f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1200 - Security Impact Analysis\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1200\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e98fe9d7-2ed3-44f8-93b7-24dca69783ff\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1487 - Alternate Work Site\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1487\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c3371d-c30c-4f58-abd9-30b8a8199571\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Remote debugging should be turned off for API Apps\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Remote debugging requires inbound ports to be opened on an API apps. 
Remote debugging should be turned off.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"*api\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/remoteDebuggingEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1363\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea3e8156-89a1-45b1-8bd6-938abc79fdfd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Inherit a tag from the resource group if missing\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Adds the specified tag with its value from the parent resource group when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed.\",\r\n \"metadata\": {\r\n \"category\": \"Tags\"\r\n },\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Tag Name\",\r\n \"description\": \"Name of the tag, such as 'environment'\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\",\r\n \"notEquals\": \"\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"add\",\r\n \"field\": \"[concat('tags[', parameters('tagName'), ']')]\",\r\n \"value\": \"[resourceGroup().tags[parameters('tagName')]]\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ea3f2387-9b95-492a-a190-fcdc54f7b070\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea3f2387-9b95-492a-a190-fcdc54f7b070\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Key Vault should use a virtual network service endpoint\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Key Vault not configured to use a virtual network service endpoint.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\r\n \"notEquals\": \"Deny\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault/vaults/networkAcls.virtualNetworkRules[*].id\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea4d6841-2173-4317-9747-ff522a45120f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1422 - Maintenance Personnel\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1422\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ea556850-838d-4a37-8ce5-9d7642f95e11\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1542 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1542\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eab340d0-3d55-4826-a0e5-feebfeb0131d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure Function app has 'Client Certificates (Incoming client certificates)' set to 'On'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Client certificates allow for the app to request a certificate for incoming requests. 
Only clients that have a valid certificate will be able to reach the app.\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/clientCertEnabled\",\r\n \"equals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eaebaea7-8013-4ceb-9d14-7eb32271373c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1064 - Remote Access | Privileged Commands / Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1064\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1321 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1321\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb627cc6-3a9d-46b5-96b7-5fca49178a37\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Log checkpoints should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_checkpoints setting enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n 
\"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_checkpoints\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Log connections should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_connections setting enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_connections\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e442\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Disconnections should be logged for PostgreSQL 
database servers.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_disconnections enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_disconnections\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e446\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Log duration should be enabled for PostgreSQL database servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy helps audit any PostgreSQL databases in your environment without log_duration setting enabled.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": 
{\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.DBforPostgreSQL/servers/configurations\",\r\n \"name\": \"log_duration\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.DBforPostgreSQL/servers/configurations/value\",\r\n \"equals\": \"ON\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deprecated accounts with owner permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveDeprecatedAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ebb62a0c-3560-49e1-89ed-27e074e9f8ad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that allow remote connections from accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n 
\"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid110\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid110\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), 
'/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n 
]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Control Panel'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Administrative Templates - Control Panel'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n 
{\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n 
\"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_AdministrativeTemplatesControlPanel\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', 
parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n 
}\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ec7ac234-2af5-4729-94d2-c557c071799d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1241\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"eca4d7b2-65e2-4e04-95d4-c68606b063c3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1622 - Boundary Protection\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1622\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n 
},\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ecf56554-164d-499a-8d00-206b07c27bed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a regional Event Hub when any Key Vault which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\"\r\n },\r\n \"parameters\": {\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. 
/subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vaultName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": 
\"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.KeyVault/vaults/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"AuditEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled diagnostic settings for ', parameters('vaultName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"vaultName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ed7c8c13-51e7-49d1-8a43-8490431a0da2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ed7c8c13-51e7-49d1-8a43-8490431a0da2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1217 
- Least Functionality | Periodic Review\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1217\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"edea4f20-b02c-4115-be75-86c080e5c0ed\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a regional Event Hub when any Stream Analytics which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n 
\"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingjobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": 
\"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.StreamAnalytics/streamingjobs/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"Execution\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Authoring\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"edf3780c-3d70-40fe-b17e-ab72013dafca\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1189 - Configuration Change Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1189\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ee45e02a-4140-416c-82c4-fecfea660b9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1089 - Security Awareness Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Awareness and Training control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1089\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef080e67-0d1a-4f76-a0c5-fb9b0358485e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1314 - Identifier Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1314\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef0c8530-efd9-45b8-b753-f03083d06295\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1128 - Time Stamps\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1128\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef212163-3bc4-4e86-bcf8-705127086393\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/vulnerabilityAssessments\",\r\n \"name\": \"default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/servers/vulnerabilityAssessments/recurringScans.isEnabled\",\r\n \"equals\": \"True\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Event Hub to Event Hub\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys the diagnostic settings for Event Hub to stream to a regional Event Hub when any Event Hub which is missing 
this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy_eventHub\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Event Hub Authorization Rule Id\",\r\n \"description\": \"The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}\",\r\n \"strongType\": \"Microsoft.EventHub/Namespaces/AuthorizationRules\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Event Hub - True or False\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"True\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces\"\r\n },\r\n \"then\": {\r\n 
\"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.EventHub/namespaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"eventHubAuthorizationRuleId\": \"[parameters('eventHubRuleId')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"ArchiveLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n 
\"category\": \"OperationalLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AutoScaleLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"KafkaCoordinatorLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"EventHubVNetConnectionEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"CustomerManagedKeyUserLogs\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"eventHubRuleId\": {\r\n \"value\": \"[parameters('eventHubRuleId')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef7b61ef-b8e4-4c91-8e78-6946c6b0023f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef7b61ef-b8e4-4c91-8e78-6946c6b0023f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1472 - Emergency Shutoff\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1472\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ef869332-921d-4c28-9402-3be73e6e50c8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"The Log Analytics agent should be installed on Virtual Machine Scale Sets\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics agent is not installed.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachineScaleSets\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachineScaleSets/extensions\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/type\",\r\n \"in\": [\r\n \"MicrosoftMonitoringAgent\",\r\n \"OmsAgentForLinux\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/provisioningState\",\r\n \"equals\": \"Succeeded\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachineScaleSets/extensions/settings.workspaceId\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n 
\"id\": \"/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"efbde977-ba53-4479-b8e9-10b957924fbf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1012 - Account Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1012\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"efd7b9ae-1db6-4eb6-b0fe-87e6565f9738\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1358 - Incident Response Testing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Incident Response control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1358\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"effbaeef-5bf4-400d-895e-ef8cbc0e64c7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Ensure that Register with Azure Active Directory is enabled on Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/web.managedServiceIdentityId\",\r\n \"exists\": \"true\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0473e7a-a1ba-4e86-afb2-e829e11b01d8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to audit Windows VMs that have the 
specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that have the specified applications installed. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": 
[\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"NotInstalledApplication\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[InstalledApplication]NotInstalledApplicationResource1;Name', '=', parameters('ApplicationName')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"NotInstalledApplication\"\r\n },\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ApplicationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n 
{\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[InstalledApplication]NotInstalledApplicationResource1;Name\",\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n 
\"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0633351-c7b2-41ff-9981-508fc08553c2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1531 - Third-Party Personnel Security\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1531\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0643e0c-eee5-4113-8684-c608d05c5236\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Latest TLS version 
should be used in your Web App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade to the latest TLS version\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"app*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1028 - Information Flow Enforcement\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1028\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f171df5c-921b-41e9-b12b-50801c315475\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Virtual networks should use specified virtual network gateway\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy audits any virtual network if the default route does not point to the specified virtual network gateway.\",\r\n \"metadata\": {\r\n \"category\": \"Network\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"virtualNetworkGatewayId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual network gateway Id\",\r\n \"description\": \"Resource Id of the virtual network gateway. 
Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Network/virtualNetworks/subnets\",\r\n \"name\": \"GatewaySubnet\",\r\n \"existenceCondition\": {\r\n \"not\": {\r\n \"field\": \"Microsoft.Network/virtualNetworks/subnets/ipConfigurations[*].id\",\r\n \"notContains\": \"[concat(parameters('virtualNetworkGatewayId'), '/')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f1776c76-f58c-4245-a8d0-2b207198dc8b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Linux virtual machines that do not have the passwd file permissions set to 0644. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n 
\"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": 
\"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordPolicy_msid121\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"PasswordPolicy_msid121\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n 
},\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Adminstrative Templates - MSS (Legacy)'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Adminstrative Templates - MSS (Legacy)'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. 
This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_AdminstrativeTemplatesMSSLegacy\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\"\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": 
\"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f1f4825d-58fb-4257-8016-8c00e3c9ed9d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1701 - Information System Monitoring | Host-Based Devices\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1701\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f25bc08f-27cb-43b6-9a23-014d00700426\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1457 - Physical Access Control\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1457\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f2d9d3e6-8886-4305-865d-639163e5c305\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1309 - Identification And Authentication (Org. 
Users) | Acceptance Of Piv Credentials\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1309\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f355d62b-39a8-4ba3-abf7-90f71cb3b000\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1615\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f35e02aa-0a55-49f8-8811-8abfa7e6f2c0\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1255\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f3793f5e-937f-44f7-bfba-40647ef3efa0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs in which the Administrators group does not contain all of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group does not contain all of the specified members. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n 
\"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AdministratorsGroupMembersToInclude\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"type\": 
\"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f3b44e5d-1456-475f-9c67-c66c4618e85a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not contain the specified certificates in Trusted Root\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\\\\LocalMachine\\\\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"WindowsCertificateInTrustedRoot\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f3b9ad83-000d-4dc1-bff0-6d54533dd03f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1706 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1706\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f475ee0e-f560-4c9b-876b-04a77460a404\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"mode\": \"Indexed\",\r\n \"description\": \"Reports VMs as non-compliant if they not logging to the LA workspace specified in the policy/initiative assignment.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/extensions\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.EnterpriseCloud.Monitoring\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId\",\r\n \"notEquals\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f47b5582-33ec-4c5c-87c0-b010a6b2e917\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Authorization rules on the Event Hub instance should be defined\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Audit existence of authorization rules on Event Hub entities to grant least-privileged access\",\r\n \"metadata\": {\r\n \"category\": \"Event Hub\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n 
},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.EventHub/namespaces/eventhubs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.EventHub/namespaces/eventHubs/authorizationRules\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4826e5f-6a27-407c-ae3e-9582eb39891d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs that do not have the password complexity setting enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the password complexity setting enabled. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"PasswordMustMeetComplexityRequirements\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1495 - System Security Plan\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1495\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4978d0e-a596-48e7-9f8c-bbf52554ce8d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs that have not restarted within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines that have not restarted within the specified number of days. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"NumberOfDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Number of days\",\r\n \"description\": \"The number of days without restart until the machine is considered non-compliant\"\r\n },\r\n \"defaultValue\": \"12\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n 
\"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"MachineLastBootUpTime\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('[MachineUpTime]MachineLastBootUpTime;NumberOfDays', '=', parameters('NumberOfDays')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"MachineLastBootUpTime\"\r\n },\r\n \"NumberOfDays\": {\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NumberOfDays\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": 
\"[MachineUpTime]MachineLastBootUpTime;NumberOfDays\",\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"[MachineUpTime]MachineLastBootUpTime;NumberOfDays\",\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n 
\"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4b245d4-46c9-42be-9b1a-49e2b5b94194\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy Auditing on SQL servers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy ensures that Auditing is enabled on SQL Servers for enhanced security and compliance. It will automatically create a storage account in the same region as the SQL server to store audit records.\",\r\n \"metadata\": {\r\n \"category\": \"SQL\"\r\n },\r\n \"parameters\": {\r\n \"retentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The value in days of the retention period (0 indicates unlimited retention)\",\r\n \"displayName\": \"Retention days (optional, 180 days if unspecified)\"\r\n },\r\n \"defaultValue\": \"180\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource group name for storage accounts\",\r\n \"description\": \"Auditing writes database events to an audit log in your Azure Storage account (a storage account will be created in each region where a SQL Server is created that will be shared by all servers in that region). 
Important - for proper operation of Auditing do not delete or rename the resource group or the storage accounts.\",\r\n \"strongType\": \"existingResourceGroups\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Sql/servers\"\r\n },\r\n \"then\": {\r\n \"effect\": \"DeployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"name\": \"Default\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Sql/auditingSettings.state\",\r\n \"equals\": \"Enabled\"\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3\",\r\n \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"type\": \"string\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"type\": \"string\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"retentionDays\": \"[int(parameters('auditRetentionDays'))]\",\r\n \"subscriptionId\": \"[subscription().subscriptionId]\",\r\n \"uniqueStorage\": \"[uniqueString(variables('subscriptionId'), parameters('location'), parameters('storageAccountsResourceGroup'))]\",\r\n \"locationCode\": \"[substring(parameters('location'), 0, 3)]\",\r\n \"storageName\": \"[tolower(concat('sqlaudit', variables('locationCode'), variables('uniqueStorage')))]\",\r\n \"createStorageAccountDeploymentName\": \"[concat('sqlServerAuditingStorageAccount-', uniqueString(variables('locationCode'), parameters('serverName')))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": 
\"2017-05-10\",\r\n \"name\": \"[variables('createStorageAccountDeploymentName')]\",\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"resourceGroup\": \"[parameters('storageAccountsResourceGroup')]\",\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[parameters('location')]\"\r\n },\r\n \"storageName\": {\r\n \"value\": \"[variables('storageName')]\"\r\n }\r\n },\r\n \"templateLink\": {\r\n \"uri\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json\",\r\n \"contentVersion\": \"1.0.0.0\"\r\n }\r\n }\r\n },\r\n {\r\n \"name\": \"[concat(parameters('serverName'), '/Default')]\",\r\n \"type\": \"Microsoft.Sql/servers/auditingSettings\",\r\n \"apiVersion\": \"2017-03-01-preview\",\r\n \"properties\": {\r\n \"state\": \"Enabled\",\r\n \"storageEndpoint\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountEndPoint.value]\",\r\n \"storageAccountAccessKey\": \"[reference(variables('createStorageAccountDeploymentName')).outputs.storageAccountKey.value]\",\r\n \"retentionDays\": \"[variables('retentionDays')]\",\r\n \"auditActionsAndGroups\": null,\r\n \"storageAccountSubscriptionId\": \"[subscription().subscriptionId]\",\r\n \"isStorageSecondaryKeyInUse\": false\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"serverName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"auditRetentionDays\": {\r\n \"value\": \"[parameters('retentionDays')]\"\r\n },\r\n \"storageAccountsResourceGroup\": {\r\n \"value\": \"[parameters('storageAccountsResourceGroup')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f4c68484-132f-41f9-9b6d-3e4b1cb55036\"\r\n 
},\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1469 - Power Equipment And Cabling\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1469\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1618 - Security Function Isolation\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1618\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"f52f89aa-4489-4ec4-950e-8c96a036baa9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Network Access'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths\",\r\n \"description\": \"Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\ProductOptions|#|System\\\\CurrentControlSet\\\\Control\\\\Server Applications|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths and sub-paths\",\r\n \"description\": \"Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": 
\"System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Printers|#|System\\\\CurrentControlSet\\\\Services\\\\Eventlog|#|Software\\\\Microsoft\\\\OLAP Server|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Print|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows|#|System\\\\CurrentControlSet\\\\Control\\\\ContentIndex|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\UserConfig|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\DefaultUserConfiguration|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Perflib|#|System\\\\CurrentControlSet\\\\Services\\\\SysmonLog\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Shares that can be accessed anonymously\",\r\n \"description\": \"Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": 
\"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Network access: Remotely accessible registry paths;ExpectedValue', '=', parameters('NetworkAccessRemotelyAccessibleRegistryPaths'), ',', 'Network access: Remotely accessible registry paths and sub-paths;ExpectedValue', '=', parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths'), ',', 'Network access: Shares that can be accessed anonymously;ExpectedValue', '=', parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SecurityOptionsNetworkAccess\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n 
\"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"string\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Network access: Remotely accessible registry paths;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n {\r\n \"name\": \"Network access: Remotely accessible registry paths and sub-paths;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n {\r\n \"name\": \"Network 
access: Shares that can be accessed anonymously;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Network access: Remotely accessible registry paths;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n {\r\n \"name\": \"Network access: Remotely accessible registry paths and sub-paths;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n {\r\n \"name\": \"Network access: Shares that can be accessed anonymously;ExpectedValue\",\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": 
\"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f56a3ab2-89d1-44de-ac0d-2ada5962e22a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1198 - Configuration Change Control | Security Representative\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1198\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f56be5c3-660b-4c61-9078-f67cf072c356\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1328 - Authenticator Management | Password-Based 
Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1328\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f5c66fdc-3d02-4034-9db5-ba57802609de\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1193 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1193\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f5fd629f-3075-4cae-ab53-bad65495a4ac\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Virtual machines should be associated with a Network Security Group\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"Protect your VM from potential threats by restricting access to it with a Network Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your VM from other instances, in or outside the same subnet.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.ClassicCompute/virtualMachines\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"networkSecurityGroupsOnVirtualMachines\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1214 - Least Functionality\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1214\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f714a4e2-b580-47b6-ae8c-f2812d3750f3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1591 - External Information System Services | Ident. Of Functions / Ports / Protocols / Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1591\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f751cdb7-fbee-406b-969b-815d367cb9b3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1330 - Authenticator Management | Password-Based Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and 
Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1330\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f75cedb2-5def-4b31-973e-b69e8c7bd031\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1540 - Security Categorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1540\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f771f8cb-6642-45cc-9a15-8a41cd5c6977\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1449 - Physical Access Authorizations\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and 
Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1449\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1506 - Personnel Security Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1506\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Windows VMs that do not have the specified Windows PowerShell execution policy\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": 
\"WindowsPowerShellExecutionPolicy\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8036bd0-c10b-4931-86bb-94a878add855\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1705 - Security Alerts, Advisories, And Directives\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1705\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f82e3639-fa2b-4e06-a786-932d8379b972\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"External accounts with owner permissions should be removed from your subscription\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": 
\"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"RemoveExternalAccountsWithOwnerPermissions\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8456c1c-aa66-4dfb-861a-25d127b775c9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1345 - Cryptographic Module Authentication\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1345\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\"\r\n },\r\n {\r\n 
\"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1065 - Remote Access | Privileged Commands / Access\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1065\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f87b8085-dca9-4cf1-8f7b-9822b997797c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - System'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a Guest Configuration assignment to audit Windows virtual machines with non-compliant settings in Group Policy category: 'System Audit Policies - System'. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ],\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"AuditOtherSystemEvents\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Other System Events\",\r\n \"description\": \"Specifies whether audit events are generated for Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n 
{\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": 
\"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash\",\r\n \"equals\": \"[base64(concat('Audit Other System Events;ExpectedValue', '=', parameters('AuditOtherSystemEvents')))]\"\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"type\": {\r\n \"value\": \"[field('type')]\"\r\n },\r\n \"configurationName\": {\r\n \"value\": \"AzureBaseline_SystemAuditPoliciesSystem\"\r\n },\r\n \"AuditOtherSystemEvents\": {\r\n \"value\": \"[parameters('AuditOtherSystemEvents')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"type\": {\r\n \"type\": \"string\"\r\n },\r\n \"configurationName\": {\r\n \"type\": \"string\"\r\n },\r\n \"AuditOtherSystemEvents\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('microsoft.hybridcompute/machines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.HybridCompute/machines/providers/guestConfigurationAssignments\",\r\n \"name\": 
\"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Other System Events;ExpectedValue\",\r\n \"value\": \"[parameters('AuditOtherSystemEvents')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2018-11-20\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments\",\r\n \"name\": \"[concat(parameters('vmName'), '/Microsoft.GuestConfiguration/', parameters('configurationName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"guestConfiguration\": {\r\n \"name\": \"[parameters('configurationName')]\",\r\n \"version\": \"1.*\",\r\n \"configurationParameter\": [\r\n {\r\n \"name\": \"Audit Other System Events;ExpectedValue\",\r\n \"value\": \"[parameters('AuditOtherSystemEvents')]\"\r\n }\r\n ]\r\n }\r\n }\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"condition\": \"[equals(toLower(parameters('type')), toLower('Microsoft.Compute/virtualMachines'))]\",\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforWindows')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": \"Microsoft.GuestConfiguration\",\r\n \"type\": 
\"ConfigurationforWindows\",\r\n \"typeHandlerVersion\": \"1.1\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n },\r\n \"dependsOn\": [\r\n \"[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'),'/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/',parameters('configurationName'))]\"\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8b0158d-4766-490f-bea0-259e52dba473\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Service Bus should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Service Bus\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ServiceBus/namespaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n 
{\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f8d36e2f-389b-4ee4-898d-21aeb69a0f45\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1203\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9012d14-e3e6-4d7b-b926-9f37b5537066\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert Exfiltration\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1697\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9873db2-18ad-46b3-a11a-1a1f8cbf0335\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1478 - Fire Protection | Suppression Devices / Systems\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Physical and Environmental Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1478\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n 
}\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f997df46-cfbb-4cc8-aac8-3fecdaf6a183\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1535 - Personnel Sanctions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Personnel Security control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1535\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9a165d2-967d-4733-8399-1074270dae2e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1108\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n 
\"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9ad559e-c12d-415e-9a78-e50fdd7da7ba\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Diagnostic logs in Azure Stream Analytics should be enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised\",\r\n \"metadata\": {\r\n \"category\": \"Stream Analytics\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (days)\",\r\n \"description\": \"The required diagnostic logs retention in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.StreamAnalytics/streamingJobs\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"existenceCondition\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"0\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days\",\r\n \"equals\": \"[parameters('requiredRetentionDays')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9be5368-9bf5-4b84-9e0a-7850da98bb46\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Latest TLS version should be used in your Function App\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade to the latest TLS version\",\r\n \"metadata\": {\r\n \"category\": \"App Service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites\"\r\n },\r\n {\r\n \"field\": \"kind\",\r\n \"like\": \"functionapp*\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Web/sites/config\",\r\n \"name\": \"web\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"equals\": \"1.2\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f9d614c5-c173-4d56-95a7-b4437057d193\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Contingency Planning control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1280\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fa108498-b3a8-4ffb-9e79-1107e76afad3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1037\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n 
\"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fa4c2a3d-1294-41a3-9ada-0e540471e9fb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1435 - Media Transport\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Media Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1435\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fa8d221b-d130-4637-ba16-501e666628bb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1675\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"facb66e0-1c48-478a-bed5-747a312323e1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Deploy prerequisites to enable Guest Configuration Policy on Linux VMs.\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"This policy creates a system-assigned managed identity and deploys the VM extension for Guest Configuration on Linux VMs. This is a prerequisites for Guest Configuration Policy and must be assigned to the scope before using any Guest Configuration policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol.\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"requiredProviders\": [\r\n \"Microsoft.GuestConfiguration\"\r\n ]\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": 
\"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": 
\"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"name\": \"AzurePolicyforLinux\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.GuestConfiguration\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"ConfigurationforLinux\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"apiVersion\": \"2017-03-30\",\r\n \"type\": \"Microsoft.Compute/virtualMachines\",\r\n \"identity\": {\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"name\": \"[parameters('vmName')]\",\r\n \"location\": \"[parameters('location')]\"\r\n },\r\n {\r\n \"apiVersion\": \"2015-05-01-preview\",\r\n \"name\": \"[concat(parameters('vmName'), '/AzurePolicyforLinux')]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"properties\": {\r\n \"publisher\": 
\"Microsoft.GuestConfiguration\",\r\n \"type\": \"ConfigurationforLinux\",\r\n \"typeHandlerVersion\": \"1.0\",\r\n \"autoUpgradeMinorVersion\": true,\r\n \"settings\": {},\r\n \"protectedSettings\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1086 - Publicly Accessible Content\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1086\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb321e6f-16a0-4be3-878f-500956e309c5\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1222 - Information System Component Inventory\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Configuration Management control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1222\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": 
\"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb39e62f-6bda-4558-8088-ec03d5670914\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Upgrade your Kubernetes service cluster to a later Kubernetes version to protect against known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946 has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"in\": [\r\n \"1.13.4\",\r\n \"1.13.3\",\r\n \"1.13.2\",\r\n \"1.13.1\",\r\n \"1.13.0\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"in\": [\r\n \"1.12.6\",\r\n \"1.12.5\",\r\n \"1.12.4\",\r\n \"1.12.3\",\r\n \"1.12.2\",\r\n \"1.12.1\",\r\n \"1.12.0\"\r\n ]\r\n },\r\n {\r\n \"field\": 
\"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"in\": [\r\n \"1.11.8\",\r\n \"1.11.7\",\r\n \"1.11.6\",\r\n \"1.11.5\",\r\n \"1.11.4\",\r\n \"1.11.3\",\r\n \"1.11.2\",\r\n \"1.11.1\",\r\n \"1.11.0\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.10.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.9.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.8.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.7.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.6.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.5.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.4.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.3.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.2.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.1.*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.ContainerService/managedClusters/kubernetesVersion\",\r\n \"like\": \"1.0.*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fb893a29-21bb-418c-a157-e99480ec364c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Storage account containing the container with activity logs must be encrypted 
with BYOK\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy audits if the Storage account containing the container with activity logs is encrypted with BYOK. The policy works only if the storage account lies on the same subscription as activity logs by design. More information on Azure Storage encryption at rest can be found here https://aka.ms/azurestoragebyok. \",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/logProfiles\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/logProfiles/storageAccountId\",\r\n \"exists\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Storage/storageAccounts\",\r\n \"existenceScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"value\": \"[contains(field('Microsoft.Insights/logProfiles/storageAccountId'), subscription().Id)]\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[last(split(field('Microsoft.Insights/logProfiles/storageAccountId'),'/'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/encryption.keySource\",\r\n \"equals\": \"Microsoft.Keyvault\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fbb99e8e-e444-4da0-9ff1-75c92f5a85b2\"\r\n },\r\n {\r\n \"properties\": {\r\n 
\"displayName\": \"Microsoft Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Access Control control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1075\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fc933d22-04df-48ed-8f87-22a3773d4309\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines with non-compliant settings in Group Policy category: 'Security Options - Microsoft Network Client'. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"esri\",\r\n \"incredibuild\",\r\n \"MicrosoftDynamicsAX\",\r\n \"MicrosoftSharepoint\",\r\n \"MicrosoftVisualStudio\",\r\n \"MicrosoftWindowsDesktop\",\r\n \"MicrosoftWindowsServerHPCPack\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftWindowsServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"MicrosoftSQLServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"dsvm-windows\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"standard-data-science-vm\",\r\n \"windows-data-science-vm\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"batch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"rendering-windows2016\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": 
\"center-for-internet-security-inc\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"cis-windows-server-201*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"pivotal\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"bosh-windows-server*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloud-infrastructure-services\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"ad*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\r\n \"like\": \"Windows*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"exists\": \"false\"\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"2008*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"notLike\": \"SQL2008*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"windows*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fcbc55c9-f25a-4e55-a6cb-33acb3be778b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1318 - Authenticator Management\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1318\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fced5fda-3bdb-4d73-bfea-0e2c80428b66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1543 - Risk Assessment\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Risk Assessment control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1543\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd00b778-b5b5-49c0-a994-734ea7bd3624\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated Alerts And Advisories\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Information Integrity control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1707\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd4a2ac8-868a-4702-a345-6c896c3361ce\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1299 - Identification And Authentication Policy And Procedures\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Identification and Authentication control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1299\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": 
\"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd4e54f7-9ab0-4bae-b6cc-457809948a89\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1627 - Boundary Protection | External Telecommunications Services\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Communications Protection control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1627\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd73310d-76fc-422d-bda4-3a077149f179\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time Source\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Audit and Accountability control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1130\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n 
\"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1611 - Developer-Provided Training\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1611\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1405 - Maintenance Tools | Inspect Tools\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1405\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n 
\"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1613 - Developer Security Architecture And Design\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this System and Services Acquisition control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1613\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fe2ad78b-8748-4bff-a924-f74dfca93f30\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Show audit results from Linux VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"All\",\r\n \"description\": \"This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that do not have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"in\": [\r\n \"microsoft-aks\",\r\n \"AzureDatabricks\",\r\n \"qubole-inc\",\r\n \"datastax\",\r\n \"couchbase\",\r\n \"scalegrid\",\r\n \"checkpoint\",\r\n \"paloaltonetworks\"\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"OpenLogic\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"CentOS*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"RHEL\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"RedHat\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"osa\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"credativ\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"Debian\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"7*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Suse\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"SLES*\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": 
\"11*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"Canonical\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"UbuntuServer\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"12*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-dsvm\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"in\": [\r\n \"linux-data-science-vm-ubuntu\",\r\n \"azureml\"\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-centos-os\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageSKU\",\r\n \"notLike\": \"6*\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"cloudera\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"equals\": \"cloudera-altus-centos-os\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/imagePublisher\",\r\n \"equals\": \"microsoft-ads\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.HybridCompute/imageOffer\",\r\n \"like\": \"linux*\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments\",\r\n \"name\": \"installed_application_linux\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus\",\r\n \"equals\": \"Compliant\"\r\n 
}\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Vulnerabilities on your SQL databases should be remediated\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/managedinstances/databases\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/complianceResults\",\r\n \"name\": \"sqlVulnerabilityAssessment\",\r\n \"existenceCondition\": {\r\n \"field\": \"Microsoft.Security/complianceResults/resourceStatus\",\r\n \"in\": [\r\n \"OffByPolicy\",\r\n \"Healthy\"\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"feedbf84-6b99-488c-acc2-71c829aa5ffc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Maintenance 
control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1407\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ff9fbd83-1d8d-4b41-aac2-94cb44b33976\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Microsoft Managed Control 1158 - Security Authorization\",\r\n \"policyType\": \"Static\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Microsoft implements this Security Assessment and Authorization control\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/ACF1158\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"Microsoft.Resources/subscriptions\",\r\n \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n ]\r\n },\r\n {\r\n \"value\": \"false\",\r\n \"equals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"fff50cf2-28eb-45b4-b378-c99412688907\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificate validity period\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the maximum 
validity period for certificates in months.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"maximumValidityInMonths\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"The maximum validity in months\",\r\n \"description\": \"The limit to how long a certificate may be valid for. Certificates with lengthy validity periods aren't best practice.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/properties.validityInMonths\",\r\n \"greater\": \"[parameters('maximumValidityInMonths')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0a075868-4c26-42ef-914c-5bc007359560\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure containers listen only on allowed ports in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces containers to listen only on allowed ports in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerPortsRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container ports regex\",\r\n \"description\": \"Regex representing container ports allowed in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerAllowedPorts\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"allowedContainerPortsRegex\": \"[parameters('allowedContainerPortsRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"0f636243-1b1c-4d50-880f-310f6199f2cb\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage allowed certificate key types\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the allowed key types for certificates.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"allowedKeyTypes\": {\r\n \"type\": 
\"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed key types\",\r\n \"description\": \"The list of allowed certificate key types.\"\r\n },\r\n \"allowedValues\": [\r\n \"RSA\",\r\n \"RSA-HSM\",\r\n \"EC\",\r\n \"EC-HSM\"\r\n ],\r\n \"defaultValue\": [\r\n \"RSA\",\r\n \"RSA-HSM\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\r\n \"notIn\": \"[parameters('allowedKeyTypes')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1151cede-290b-4ba0-8b38-0ad145ac888f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificate lifetime action triggers\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the configuration for certificate lifetime action triggers before certificate expiration.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"maximumPercentageLife\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"The maximum lifetime percentage\",\r\n \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. 
For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\r\n }\r\n },\r\n \"minimumDaysBeforeExpiry\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"The minimum days before expiry\",\r\n \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.daysBeforeExpiry\",\r\n \"less\": \"[parameters('minimumDaysBeforeExpiry')]\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\r\n \"exists\": \"True\"\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/lifetimeAction.lifetimePercentage\",\r\n \"greater\": \"[parameters('maximumPercentageLife')]\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"12ef42cb-9903-4e39-9c26-422d29570417\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce labels on pods in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": 
\"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"commaSeparatedListOfLabels\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Comma-separated list of labels\",\r\n \"description\": \"A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"PodEnforceLabels\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"commaSeparatedListOfLabels\": \"[parameters('commaSeparatedListOfLabels')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"16c6ca72-89d2-4798-b87e-496f9de7fcb7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce HTTPS ingress in Kubernetes cluster\",\r\n \"policyType\": 
\"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-https-only/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure services listen only on allowed ports in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces services to listen only on allowed ports in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"allowedServicePortsList\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed service ports list\",\r\n \"description\": \"The list of service ports allowed in a Kubernetes cluster.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/service-allowed-ports/constraint.yaml\",\r\n \"values\": {\r\n \"allowedServicePorts\": \"[parameters('allowedServicePortsList')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/233a2a17-77ca-4fb1-9b6b-69223d272a44\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"233a2a17-77ca-4fb1-9b6b-69223d272a44\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure services listen only on allowed ports in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces services to listen only on allowed ports in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. 
To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"allowedServicePortsRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed service ports regex\",\r\n \"description\": \"Regex representing service ports allowed in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ServiceAllowedPorts\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/service-allowed-ports/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"allowedServicePortsRegex\": \"[parameters('allowedServicePortsRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/25dee3db-6ce0-4c02-ab5d-245887b24077\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"25dee3db-6ce0-4c02-ab5d-245887b24077\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce HTTPS ingress in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces HTTPS ingress in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. 
To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"HttpsIngressOnly\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-https-only/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/2fbff515-eecc-4b7e-9b63-fcc7138b7dc3\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"2fbff515-eecc-4b7e-9b63-fcc7138b7dc3\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce internal load balancers in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces load balancers do not have public IPs in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/load-balancer-no-public-ips/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure containers listen only on allowed ports in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces containers to listen only on allowed ports in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerPortsList\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container ports list\",\r\n \"description\": \"The list of container ports allowed in a Kubernetes cluster.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-ports/constraint.yaml\",\r\n \"values\": {\r\n \"allowedContainerPorts\": \"[parameters('allowedContainerPortsList')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/440b515e-a580-421e-abeb-b159a61ddcbc\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"440b515e-a580-421e-abeb-b159a61ddcbc\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce labels on pods in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces the specified labels are provided for pods in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"labelsList\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of labels\",\r\n \"description\": \"The list of labels to be specified on Pods in a Kubernetes cluster.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/pod-enforce-labels/constraint.yaml\",\r\n \"values\": {\r\n \"labels\": \"[parameters('labelsList')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/46592696-4c7b-4bf3-9e45-6c2763bdc0a6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"46592696-4c7b-4bf3-9e45-6c2763bdc0a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure only allowed container images in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy ensures only allowed container images are running in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerImagesRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container images regex\",\r\n \"description\": \"Regex representing container images allowed in Kubernetes cluster. E.g. Regex of azure container registry images is ^.+azurecr.io/.+$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerAllowedImages\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-images/limited-preview/gatekeeperpolicy.rego\",\r\n \"policyParameters\": {\r\n \"allowedContainerImagesRegex\": \"[parameters('allowedContainerImagesRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/5f86cb6e-c4da-441b-807c-44bd0cc14e66\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"5f86cb6e-c4da-441b-807c-44bd0cc14e66\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Do not allow privileged containers in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy does not allow privileged containers creation in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. 
To register, please go to https://aka.ms/akspolicyonboarding. For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerNoPrivilege\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"7ce7ac02-a5c6-45d6-8d1b-844feb1c1531\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificates issued by an integrated CA\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages certificates are issued by a specified key vault integrated Certificate Authority.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"allowedCAs\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed Azure Key Vault Supported CAs\",\r\n \"description\": \"The list of allowed certificate authorities supported by Azure Key Vault.\"\r\n },\r\n \"allowedValues\": [\r\n \"DigiCert\",\r\n \"GlobalSign\"\r\n ],\r\n \"defaultValue\": [\r\n 
\"DigiCert\",\r\n \"GlobalSign\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/issuer.name\",\r\n \"notIn\": \"[parameters('allowedCAs')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"8e826246-c976-48f6-b03e-619bb92b3d82\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Do not allow privileged containers in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy does not allow privileged containers creation in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-no-privilege/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"95edb821-ddaf-4404-9732-666045e056b4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificates issued by a non-integrated CA\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages certificates are issued by a specified non-integrated Certificate Authority.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"caCommonName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The common name of the certificate authority\",\r\n \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. 
For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/issuer.commonName\",\r\n \"notContains\": \"[parameters('caCommonName')]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a22f4a40-01d3-4c7d-8071-da157eeff341\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Ensure CPU and memory resource limits defined on containers in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy ensures CPU and memory resource limits are defined on containers in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"ContainerResourceLimits\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-resource-limits/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a2d3ed81-8d11-4079-80a5-1faadc0024f4\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a2d3ed81-8d11-4079-80a5-1faadc0024f4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce internal load balancers in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces load balancers do not have public IPs in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"LoadBalancersInternal\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/loadbalancer-no-publicips/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/a74d8f00-2fd9-4ce4-968e-0ee1eb821698\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"a74d8f00-2fd9-4ce4-968e-0ee1eb821698\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Enforce unique ingress hostnames across namespaces in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy enforces unique ingress hostnames across namespaces in a Kubernetes cluster. 
For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/ingress-hostnames-conflict/constraint.yaml\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fd3e59-6390-4f2b-8247-ea676bd03e2d\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"b2fd3e59-6390-4f2b-8247-ea676bd03e2d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage allowed curve names for elliptic curve cryptography certificates\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the allowed elliptic curve names for elliptic curve cryptography certificates.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"allowedECNames\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed elliptic curve names\",\r\n \"description\": \"The list of allowed curve names for elliptic curve cryptography certificates.\"\r\n },\r\n \"allowedValues\": [\r\n \"P-256\",\r\n \"P-256K\",\r\n \"P-384\",\r\n 
\"P-521\"\r\n ],\r\n \"defaultValue\": [\r\n \"P-256\",\r\n \"P-256K\",\r\n \"P-384\",\r\n \"P-521\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\r\n \"in\": [\r\n \"EC\",\r\n \"EC-HSM\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.ellipticCurveName\",\r\n \"notIn\": \"[parameters('allowedECNames')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"bd78111f-4953-4367-9fd5-7e08808b54bf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage minimum key size for RSA certificates\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages the minimum key size for RSA certificates.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"minimumRSAKeySize\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum RSA key size\",\r\n \"description\": \"The minimum key size for RSA certificates.\"\r\n },\r\n \"allowedValues\": [\r\n 2048,\r\n 3072,\r\n 4096\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n 
\"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType\",\r\n \"in\": [\r\n \"RSA\",\r\n \"RSA-HSM\"\r\n ]\r\n },\r\n {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keySize\",\r\n \"less\": \"[parameters('minimumRSAKeySize')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"cee51871-e572-4576-855c-047c820360f0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Limited Preview]: [AKS] Enforce unique ingress hostnames across namespaces in AKS\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.ContainerService.Data\",\r\n \"description\": \"This policy enforces unique ingress hostnames across namespaces in an Azure Kubernetes Service cluster. Limited Preview policies only work for registered subscriptions. To register, please go to https://aka.ms/akspolicyonboarding. 
For instruction on using this policy, please go to https://aka.ms/akspolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes service\"\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"EnforceRegoPolicy\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"EnforceRegoPolicy\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.ContainerService/managedClusters\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"policyId\": \"UniqueIngressHostnames\",\r\n \"policy\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/ingress-hostnames-conflict/limited-preview/gatekeeperpolicy.rego\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/d011d9f7-ba32-4005-b727-b3d09371ca60\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"d011d9f7-ba32-4005-b727-b3d09371ca60\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy ensures container CPU and memory resource limits are defined and do not exceed the specified limits in a Kubernetes cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"cpuLimit\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Max allowed CPU units\",\r\n \"description\": \"The maximum CPU units allowed for a container. E.g. 200m. 
For more information, please refer https://aka.ms/k8s-policy-pod-limits\"\r\n }\r\n },\r\n \"memoryLimit\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Max allowed memory bytes\",\r\n \"description\": \"The maximum memory bytes allowed for a container. E.g. 1Gi. For more information, please refer https://aka.ms/k8s-policy-pod-limits\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-resource-limits/constraint.yaml\",\r\n \"values\": {\r\n \"cpuLimit\": \"[parameters('cpuLimit')]\",\r\n \"memoryLimit\": \"[parameters('memoryLimit')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/e345eecc-fa47-480f-9e88-67dcc122b164\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e345eecc-fa47-480f-9e88-67dcc122b164\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Manage certificates that are within a specified number of days of expiration\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.KeyVault.Data\",\r\n \"description\": \"This policy manages certificates that are within a specified number of days to their expiration date.\",\r\n \"metadata\": {\r\n \"category\": \"Key Vault\",\r\n \"preview\": 
true\r\n },\r\n \"parameters\": {\r\n \"daysToExpire\": {\r\n \"type\": \"Integer\",\r\n \"metadata\": {\r\n \"displayName\": \"Days to expire\",\r\n \"description\": \"The number of days for a certificate to expire.\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"audit\",\r\n \"deny\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"audit\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.KeyVault.Data/vaults/certificates/attributes.expiresOn\",\r\n \"lessOrEquals\": \"[addDays(utcNow(), parameters('daysToExpire'))]\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"f772fb64-8e40-40ad-87bc-7706e1949427\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: [AKS Engine] Ensure only allowed container images in Kubernetes cluster\",\r\n \"policyType\": \"BuiltIn\",\r\n \"mode\": \"Microsoft.Kubernetes.Data\",\r\n \"description\": \"This policy ensures only allowed container images are running in a Kubernetes cluster. For instructions on using this policy, please go to https://aka.ms/kubepolicydoc.\",\r\n \"metadata\": {\r\n \"category\": \"Kubernetes\"\r\n },\r\n \"parameters\": {\r\n \"allowedContainerImagesRegex\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed container images regex\",\r\n \"description\": \"Regex representing container images allowed in a Kubernetes cluster. E.g. 
Regex for azure container registry images is ^.+azurecr.io/.+$\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"enforceOPAConstraint\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"enforceOPAConstraint\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"in\": [\r\n \"AKS Engine\"\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"constraintTemplate\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/template.yaml\",\r\n \"constraint\": \"https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/Kubernetes/container-allowed-images/constraint.yaml\",\r\n \"values\": {\r\n \"allowedContainerImagesRegex\": \"[parameters('allowedContainerImagesRegex')]\"\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"febd0533-8e55-448f-b837-bd0e06f16469\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TestBlobRetentionPolicy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Test policy for investigating IcM 149825559:\\nhttps://icm.ad.msft.net/imp/v3/incidents/details/149825559/home\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"createdOn\": \"2019-09-30T18:47:59.5752578Z\",\r\n \"updatedBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"updatedOn\": \"2019-10-01T00:30:31.7182576Z\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\r\n },\r\n 
{\r\n \"anyof\": [\r\n {\r\n \"field\": \"Microsoft.Storage/storageAccounts/blobServices/deleteRetentionPolicy.enabled\",\r\n \"exists\": \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/1e3e34b9-83b4-41d1-b5cb-d881347c5ec7\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"1e3e34b9-83b4-41d1-b5cb-d881347c5ec7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TlsTest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Test policy management of minimum TLS version on App Service\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"createdOn\": \"2019-08-28T18:53:58.3463814Z\",\r\n \"updatedBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"updatedOn\": \"2019-08-28T19:41:21.0399123Z\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\r\n \"notEquals\": \"1.2\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/32759c84-9e00-4d38-b991-7245e795454a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"32759c84-9e00-4d38-b991-7245e795454a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"TagNameCaseTest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Determine whether policy check on tags is case sensitive.\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": 
\"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"createdOn\": \"2019-08-21T19:01:50.4093911Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"tags.costCenter\",\r\n \"equals\": \"Bad\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/4ece3251-c015-4e6b-bad7-431cad00a3f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4ece3251-c015-4e6b-bad7-431cad00a3f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if not perf test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"PerfTest\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.Test\",\r\n \"equals\": \"Perf\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-tags.shouldBePerfTest\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit if not unit test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"PerfTest\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.Test\",\r\n \"equals\": \"UnitTest\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"audit-tags.shouldBeUnitTest\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"ConfigTest\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": 
\"All\",\r\n \"description\": \"Test policy management of minimum TLS version on App Service\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"createdOn\": \"2019-08-28T19:36:08.2602753Z\",\r\n \"updatedBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"updatedOn\": \"2019-08-28T19:40:22.1536018Z\"\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/sites/config\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/http20Enabled\",\r\n \"exists\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Web/sites/config/http20Enabled\",\r\n \"notEquals\": \"false\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/e641ffe8-8b9c-4b4e-92df-b4cd1796f54a\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"e641ffe8-8b9c-4b4e-92df-b4cd1796f54a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T18:23:44.5118706Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps1687\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps1687\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": 
\"2019-12-12T18:28:49.9490332Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps3987\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps3987\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T18:32:03.5042214Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps402\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps402\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T17:48:31.9088413Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps4693\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps4693\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": 
\"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T18:26:22.464452Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps6091\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps6091\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Fake test policy\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"description\": \"Sample fake test policy for unit tests.\",\r\n \"metadata\": {\r\n \"category\": \"Unit Test\",\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T18:51:07.642335Z\",\r\n \"updatedBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"updatedOn\": \"2019-12-12T18:51:08.1762693Z\"\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"description\": \"An array of permitted locations for resources.\",\r\n \"strongType\": \"location\",\r\n \"displayName\": \"List of locations\"\r\n },\r\n \"defaultValue\": [\r\n \"somewhere\"\r\n ]\r\n },\r\n \"effectParam\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"description\": \"The effect of the policy\",\r\n \"displayName\": \"Policy Effect\"\r\n },\r\n \"allowedValues\": [\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Deny\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('listOfAllowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effectParam')]\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps7891\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps7891\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T02:23:38.6566033Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps8411\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps8411\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T18:31:14.2364452Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps9550\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9550\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit tag at MG\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"327c26bf-bf3e-4128-9b75-fbbd99e98739\",\r\n \"createdOn\": \"2019-09-19T21:02:29.3038974Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": 
{\r\n \"field\": \"tags.Test\",\r\n \"equals\": \"UnitTest\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"03ae6c12-b46a-43f1-9f3d-c20620473106\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"\\\"metadata\\\": { \\\"category\\\": \\\"testResourcesGrid\\\" },\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"327c26bf-bf3e-4128-9b75-fbbd99e98739\",\r\n \"createdOn\": \"2019-09-19T20:48:36.8149755Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"tags.testResourcesGrid\",\r\n \"equals\": \"testResourcesGrid\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/4bba2e95-2749-431f-95ff-d032a3ae57f6\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"4bba2e95-2749-431f-95ff-d032a3ae57f6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CaleC - Technical Owner Email Tag on RG\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"b8890a11-51b6-457d-99f0-b36fde28fa4f\",\r\n \"createdOn\": \"2019-11-13T21:16:37.0623117Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {\r\n \"namePattern\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Pattern matching\",\r\n \"description\": \"Pattern to use for names. 
Can include wildcard (*).\"\r\n }\r\n },\r\n \"tagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"tagName\",\r\n \"description\": \"Technical Owner Email Address\"\r\n },\r\n \"defaultValue\": \"TechnicalOwnerEmail\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"not\": {\r\n \"field\": \"[concat('tags[',parameters('tagName'), ']')]\",\r\n \"like\": \"[parameters('namePattern')]\"\r\n }\r\n },\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions/resourceGroups\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/54d50b8c-c4c6-4552-9e50-19925aedcf44\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"54d50b8c-c4c6-4552-9e50-19925aedcf44\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"rohitbh def\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e\",\r\n \"createdOn\": \"2019-03-28T00:13:27.0393653Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {\r\n \"allowedLocations\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations\",\r\n \"description\": \"The list of allowed locations for resources.\",\r\n \"strongType\": \"location\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"not\": {\r\n \"field\": \"location\",\r\n \"in\": \"[parameters('allowedLocations')]\"\r\n }\r\n },\r\n \"then\": {\r\n \"effect\": \"audit\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/5b51a7de-acd9-42cd-81bd-32d9c01968e9\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": 
\"5b51a7de-acd9-42cd-81bd-32d9c01968e9\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim audit subscriptions without security contacts\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"69108416-6ac7-4a4f-ac13-fee20ff1ee02\",\r\n \"createdOn\": \"2019-06-07T20:59:59.7600143Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions\"\r\n },\r\n \"then\": {\r\n \"effect\": \"auditIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Security/securityContacts\"\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/67d90168-f067-43df-bd57-bca4b46df3a0\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"67d90168-f067-43df-bd57-bca4b46df3a0\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Empty deployment on each KeyVault resource\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Deploys an empty deployment (with one output) on each KeyVault vault. 
Used for some PolicyInsights SDK tests.\",\r\n \"metadata\": {\r\n \"category\": \"SDK Tests\",\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-21T17:43:12.9974078Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"parameters\": {},\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.KeyVault/vaults\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"notExists\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"resources\": [],\r\n \"outputs\": {\r\n \"constantOutput\": {\r\n \"type\": \"string\",\r\n \"value\": \"someConstantValue\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"78a38c70-5549-49bd-8a16-fe3619e5d2cf\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"CaleC - Ensure principal is member of role\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"category\": \"Test\",\r\n \"createdBy\": \"b8890a11-51b6-457d-99f0-b36fde28fa4f\",\r\n \"createdOn\": \"2019-11-08T01:55:56.4678953Z\",\r\n \"updatedBy\": \"b8890a11-51b6-457d-99f0-b36fde28fa4f\",\r\n \"updatedOn\": \"2019-11-13T21:19:54.5769298Z\"\r\n },\r\n \"parameters\": {\r\n \"roleDefinitionId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Approved Role Definition\",\r\n 
\"description\": \"The role definition id to add the principal to.\"\r\n }\r\n },\r\n \"principalId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Principal Id\",\r\n \"description\": \"Principal Id to add to roles\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Authorization/roleDefinitions\"\r\n },\r\n {\r\n \"field\": \"name\",\r\n \"equals\": \"[parameters('roleDefinitionId')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Authorization/roleAssignments\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/principalId\",\r\n \"equals\": \"[parameters('principalId')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Authorization/roleAssignments/roleDefinitionId\",\r\n \"equals\": \"[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', parameters('roleDefinitionId'))]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635\"\r\n ],\r\n \"deployment\": {\r\n \"location\": \"eastus\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"parameters\": {\r\n \"roleId\": {\r\n \"value\": \"[parameters('roleDefinitionId')]\"\r\n },\r\n \"principalId\": {\r\n \"value\": \"[parameters('principalId')]\"\r\n }\r\n },\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"principalId\": {\r\n \"type\": \"string\"\r\n },\r\n \"roleId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[guid(subscription().id, parameters('roleId'), parameters('principalId'))]\",\r\n \"type\": 
\"Microsoft.Authorization/roleAssignments\",\r\n \"apiVersion\": \"2019-04-01-preview\",\r\n \"properties\": {\r\n \"principalId\": \"[parameters('principalId')]\",\r\n \"roleDefinitionId\": \"[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/', parameters('roleId'))]\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/906ef7c2-27f9-48f4-b111-1f0aca8697cd\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"906ef7c2-27f9-48f4-b111-1f0aca8697cd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim mg test 2\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"69108416-6ac7-4a4f-ac13-fee20ff1ee02\",\r\n \"createdOn\": \"2019-04-01T18:34:15.5651057Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilim mg test 2\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"jilim mg test 2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"jilim mg test\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"metadata\": {\r\n \"createdBy\": \"69108416-6ac7-4a4f-ac13-fee20ff1ee02\",\r\n \"createdOn\": \"2019-04-01T18:00:41.0087033Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": 
\"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/jilimmgtest\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"jilimmgtest\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"testDisplay\",\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"description\": \"Updated Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"testName\": \"testValue\",\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T21:19:46.8086995Z\",\r\n \"updatedBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"updatedOn\": \"2019-12-12T21:19:48.6716768Z\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"source\": \"action\",\r\n \"equals\": \"Microsoft.Resources/Subscriptions/ResourceGroups/write\"\r\n },\r\n \"then\": {\r\n \"effect\": \"deny\"\r\n }\r\n }\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementgroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/ps7110\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps7110\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Microsoft.DataCatalog.Data\",\r\n \"description\": \"Unit test junk: sorry for littering. 
Please delete me!\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T19:37:49.8928Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.DataCatalog.Data/catalog/entity/type\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"ModifyClassifications\",\r\n \"details\": {\r\n \"classificationsToAdd\": [\r\n \"invalid\"\r\n ],\r\n \"classificationsToRemove\": [\r\n \"valid\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps1104\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps1104\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Microsoft.DataCatalog.Data\",\r\n \"description\": \"Unit test junk: sorry for littering. Please delete me!\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T20:03:06.4788913Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.DataCatalog.Data/catalog/entity/type\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"ModifyClassifications\",\r\n \"details\": {\r\n \"classificationsToAdd\": [\r\n \"invalid\"\r\n ],\r\n \"classificationsToRemove\": [\r\n \"valid\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps1433\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps1433\"\r\n },\r\n {\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Microsoft.DataCatalog.Data\",\r\n \"description\": \"Unit test junk: sorry for littering. 
Please delete me!\",\r\n \"metadata\": {\r\n \"createdBy\": \"094435f3-a5d5-4c38-abfb-238662bec758\",\r\n \"createdOn\": \"2019-12-12T19:58:19.7493791Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"Microsoft.DataCatalog.Data/catalog/entity/type\",\r\n \"equals\": \"foo\"\r\n },\r\n \"then\": {\r\n \"effect\": \"ModifyClassifications\",\r\n \"details\": {\r\n \"classificationsToAdd\": [\r\n \"invalid\"\r\n ],\r\n \"classificationsToRemove\": [\r\n \"valid\"\r\n ]\r\n }\r\n }\r\n }\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/ps9279\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"name\": \"ps9279\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policysetdefinitions?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policysetdefinitions?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lzZXRkZWZpbml0aW9ucz9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -95,13 +95,13 @@ "11998" ], "x-ms-request-id": [ - "westus:0982aed8-ba09-4cd3-8c17-34307bd18b16" + "westus:ecbe8838-af20-45ed-aada-c7d21cf68743" ], "x-ms-correlation-request-id": [ - "73f7f7c9-0f77-4ef6-a492-438645e725fd" + "45c0b43c-d53a-4185-8ded-8bebf6b6ac5a" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223941Z:73f7f7c9-0f77-4ef6-a492-438645e725fd" + "WESTUS:20200109T013525Z:45c0b43c-d53a-4185-8ded-8bebf6b6ac5a" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -110,10 +110,10 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:39:41 GMT" + "Thu, 09 Jan 2020 01:35:24 GMT" ], "Content-Length": [ - "607398" + "691476" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -125,18 +125,85 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs in which the Administrators group does not contain only the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"Members\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members\",\r\n \"description\": \"A semicolon-separated list of all the expected members of the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AdministratorsGroupMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\r\n \"parameters\": {\r\n \"Members\": {\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AdministratorsGroupMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/06122b01-688c-42a8-af2e-fa97dd39aa3b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"06122b01-688c-42a8-af2e-fa97dd39aa3b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which the Log Analytics agent is not connected as expected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which the Log Analytics 
agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Connected workspace IDs\",\r\n \"description\": \"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsLogAnalyticsAgentConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a\",\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsLogAnalyticsAgentConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/06c5e415-a662-463a-bb85-ede14286b979\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"06c5e415-a662-463a-bb85-ede14286b979\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IRS1075 September 2016 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/irs1075-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceIdforVMReporting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace ID for VM agent reporting\"\r\n }\r\n },\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n 
\"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n 
\"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users excluded from Windows VM Administrators group\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users that must be included in Windows VM Administrators group\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceIdforVMreporting')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAnAPIApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n 
},\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLManagedInstancesWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServersWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"AuditTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": 
\"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"105e0327-6175-4eb2-9af4-1fba43bdb39d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs in which the Administrators group does not contain all of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AdministratorsGroupMembersToInclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AdministratorsGroupMembersToInclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/133046de-0bd7-4546-93f4-f452e9e258b7\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"133046de-0bd7-4546-93f4-f452e9e258b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CIS Microsoft Azure Foundations Benchmark 1.1.0 recommendations and deploy specific supporting VM Extensions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/cisazure-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfRegionsWhereNetworkWatcherShouldBeEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of regions where Network Watcher should be enabled\",\r\n \"description\": \"To see a complete list of regions use Get-AzLocation\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"listOfApprovedVMExtensions\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of virtual machine extensions that are approved for use\",\r\n \"description\": \"To see a complete list of virtual machine extensions, use Get-AzVMExtensionImage\"\r\n },\r\n \"defaultValue\": [\r\n \"AzureDiskEncryption\",\r\n \"AzureDiskEncryptionForLinux\",\r\n \"DependencyAgentWindows\",\r\n \"DependencyAgentLinux\",\r\n \"IaaSAntimalware\",\r\n \"IaaSDiagnostics\",\r\n \"LinuxDiagnostic\",\r\n \"MicrosoftMonitoringAgent\",\r\n \"NetworkWatcherAgentLinux\",\r\n \"NetworkWatcherAgentWindows\",\r\n \"OmsAgentForLinux\",\r\n \"VMSnapshot\",\r\n \"VMSnapshotLinux\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x1m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x3\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x3m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x3mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x23\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x3CISv110x7x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x5CISv110x7x6\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x6CISv110x7x1CISv110x7x2\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x8\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x9\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x9m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x10\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x12\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x13\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x14CISv110x4x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x15CISv110x4x9\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x16\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x17\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x18\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x19\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x3x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x3x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x3x8\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x3\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x4m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x5m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x6\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x6m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x7m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x8\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x10\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x10m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x11\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x12\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x13\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x14\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x15\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x16\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x17\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x3\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x6x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\r\n \"parameters\": {\r\n \"listOfLocations\": {\r\n \"value\": \"[parameters('listOfRegionsWhereNetworkWatcherShouldBeEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x7x3\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x7x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432\",\r\n \"parameters\": {\r\n \"approvedExtensions\": {\r\n \"value\": 
\"[parameters('listOfApprovedVMExtensions')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x8x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x8x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x3\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x3m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x3mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x4m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x4mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"CISv110x9x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x5m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x5mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x6\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x6m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x6mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x7m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x7mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x8\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x8m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x8mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x9\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x9m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x9mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x10\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x10m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x10mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d\",\r\n 
\"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1a5bb27d-173f-493e-9568-eb56638dde4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"vmssSystemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates on virtual machine scale sets should be installed\",\r\n \"description\": \"Enable or disable virtual machine scale sets reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vmssEndpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Endpoint protection solution should be installed on virtual machine scale sets\",\r\n \"description\": \"Enable or disable virtual machine scale sets endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\r\n \"description\": \"Enable or disable virtual machine scale sets OS vulnerabilities monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates should be installed on your machines\",\r\n \"description\": \"Enable 
or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your machines should be remediated\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"[Deprecated] Enable or disable monitoring of network security groups with permissive rules\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"networkSecurityGroupsOnSubnetsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security Groups on the subnet level should be enabled\",\r\n 
\"description\": \"Enable or disable monitoring of NSGs on subnets\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsOnVirtualMachinesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security Groups for virtual machines should be enabled\",\r\n \"description\": \"Enable or disable monitoring of NSGs on VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The NSGs rules for web applications on IaaS should be hardened\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Access through Internet facing endpoint should be restricted\",\r\n \"description\": \"Enable or disable overly permissive inbound NSG rules monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"serverVulnerabilityAssessmentEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"[Preview] Vulnerability 
Assessment should be enabled on Virtual Machines\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by Azure Security Center Vulnerability Assessment\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit missing blob encryption for storage accounts\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of blob encryption for storage accounts\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Just-In-Time network access control should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Adaptive Application Controls should be enabled on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"[Deprecated] Monitor unaudited SQL servers in Azure Security Center\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n 
\"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"[Deprecated] Monitor unencrypted SQL databases in Azure Security Center\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Transparent Data Encryption on SQL databases should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auditing should be enabled on advanced data security settings on SQL Server\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingActionsAndGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL Auditing settings should have Action-Groups configured to capture critical activities\",\r\n \"description\": \"Enable or disable the monitoring of auditing policy Action-Groups and Actions setting\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"SqlServerAuditingRetentionDaysMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL servers should be configured with auditing retention days greater than 90 days\",\r\n \"description\": \"Enable or disable the monitoring of SQL servers with auditing retention 
period less than 90\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of diagnostics logs in Azure App Services\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"diagnosticsLogsInSelectiveAppServicesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in App Services should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Automation account variables should be encrypted\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Batch accounts should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The 
required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric alert rules should be configured on Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual machines should be migrated to new Azure Resource Manager resources\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage accounts should be migrated to new Azure Resource Manager resources\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Data Lake Analytics should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required diagnostic logs 
retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Azure Data Lake Store should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Event Hub should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Key Vault should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Logic Apps should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Only secure connections to your Redis Cache should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Search services should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic 
logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Fabric clusters should only use Azure Active Directory for client authentication\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Service Bus should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus 
namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"An Azure Active Directory administrator should be provisioned for SQL servers\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Secure transfer to storage accounts should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Azure Stream Analytics should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n \"allowedValues\": 
[\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Virtual Machine Scale Sets should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Authorization rules on the Event Hub instance should be defined\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities on your SQL databases should be remediated\",\r\n \"description\": \"Enable or disable the monitoring 
of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbDataClassificationMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Sensitive data in your SQL databases should be classified\",\r\n \"description\": \"Enable or disable the monitoring of sensitive data classification in databases.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A maximum of 3 owners should be designated for your subscription\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"There should be more than one owner assigned to your subscription\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled on accounts with owner permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n 
\"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled accounts with write permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled on accounts with read permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Deprecated accounts with owner permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Deprecated accounts should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with owner 
permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with write permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with read permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of IP restrictions for API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of IP restrictions for Function App\",\r\n 
\"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of IP restrictions for Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for Web Application\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppAuditFtpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"FTPS should be required in your API App\",\r\n \"description\": \"Enable FTPS enforcement 
for enhanced security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppAuditFtpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"FTPS should be required in your Function App\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppAuditFtpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"FTPS should be required in your Web App\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUseManagedIdentityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A managed identity should be used in your API App\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUseManagedIdentityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A managed identity should be used in your Function App\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUseManagedIdentityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A managed identity should be used in your Web App\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n 
\"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRequireLatestTlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest TLS version should be used in your API App\",\r\n \"description\": \"Upgrade to the latest TLS version\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRequireLatestTlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest TLS version should be used in your Function App\",\r\n \"description\": \"Upgrade to the latest TLS version\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRequireLatestTlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest TLS version should be used in your Web App\",\r\n \"description\": \"Upgrade to the latest TLS version\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of web sockets for API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of web sockets for Function App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": 
\"Disabled\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of web sockets for Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of the use of HTTPS in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Function App should only be accessible over HTTPS\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of the use of HTTPS in function App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Web Application should only be accessible over HTTPS\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of the use of HTTPS in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App V2\"\r\n },\r\n \"allowedValues\": [\r\n 
\"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Function App should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App V2\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Web Application should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App V2\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"CORS should not allow every resource to access your API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Function App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Web Application\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n 
\"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of custom domain use in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of custom domain use in Function App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of custom domain use in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of .Net version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of 
.Net version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Java version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Java version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Node.js version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of PHP version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable 
the monitoring of PHP version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Python version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Python version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"DDoS Protection Standard should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in IoT Hub should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The 
required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"sqlServerAdvancedDataSecurityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security should be enabled on your SQL servers\",\r\n \"description\": \"Enable or disable the monitoring of SQL servers without Advanced Data Security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security should be enabled on your SQL managed instances\",\r\n \"description\": \"Enable or disable the monitoring of SQL managed instances without Advanced Data Security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security settings for SQL server should contain an email address to receive security alerts\",\r\n \"description\": \"Enable or disable the monitoring that advanced data security settings for SQL server contain at least one email address to receive security alerts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security settings for SQL managed instance should contain an email address to receive security alerts\",\r\n \"description\": \"Enable or disable the monitoring that advanced data security settings for SQL managed instance contain at least one email address to receive security alerts\"\r\n },\r\n \"allowedValues\": [\r\n 
\"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL server advanced data security settings\",\r\n \"description\": \"Enable or disable auditing that 'email notification to admins and subscription owners' is enabled in the SQL Server advanced threat protection settings. This ensures that any detections of anomalous activities on SQL server are reported as soon as possible to the admins.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL managed instance advanced data security settings\",\r\n \"description\": \"Enable or disable auditing that 'email notification to admins and subscription owners' is enabled in the SQL Server advanced threat protection settings. 
This ensures that any detections of anomalous activities on SQL managed instance are reported as soon as possible to the admins.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"kubernetesServiceRbacEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Role-Based Access Control (RBAC) should be used on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without RBAC enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"kubernetesServicePspEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Pod Security Policies should be defined on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without Pod Security Policy enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Authorized IP ranges should be defined on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without Authorized IP Ranges enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"kubernetesServiceVersionUpToDateMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Kubernetes Services should be upgraded to a non vulnerable Kubernetes version\",\r\n \"description\": \"Enable or disable the monitoring of the Kubernetes Services with versions that contain known vulnerabilities\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n 
\"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL managed instances\",\r\n \"description\": \"Audit SQL managed instances which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL servers\",\r\n \"description\": \"Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL managed instance Advanced Data Security settings\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. 
Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"threatDetectionTypesOnServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveNetworkHardeningsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security Group Rules for Internet facing virtual machines should be hardened\",\r\n \"description\": \"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"restrictAccessToManagementPortsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Management ports should be closed on your virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of open management ports on Virtual Machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"restrictAccessToAppServicesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Access to App Services should be restricted\",\r\n \"description\": \"Enable or disable the monitoring of permissive 
network access to app-services\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"disableIPForwardingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"IP Forwarding on your virtual machine should be disabled\",\r\n \"description\": \"Enable or disable the monitoring of IP forwarding on virtual machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL server TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL managed instance TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. 
TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"containerBenchmarkMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in container security configurations should be remediated\",\r\n \"description\": \"Enable or disable container benchmark monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ASCDependencyAgentAuditWindowsEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Dependency Agent for Windows VMs monitoring\",\r\n \"description\": \"Enable or disable Dependency Agent for Windows VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ASCDependencyAgentAuditLinuxEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Dependency Agent for Linux VMs monitoring\",\r\n \"description\": \"Enable or disable Dependency Agent for Linux VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssOsVulnerabilitiesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssOsVulnerabilitiesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssEndpointProtectionMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssEndpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssSystemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssSystemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"PoolDeleteStartEvent\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n 
\"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSelectiveAppServicesMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSelectiveAppServicesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingActionsAndGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingActionsAndGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"SqlServerAuditingRetentionDaysMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('SqlServerAuditingRetentionDaysMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsOnSubnetsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsOnSubnetsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsOnVirtualMachinesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('networkSecurityGroupsOnVirtualMachinesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"serverVulnerabilityAssessment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('serverVulnerabilityAssessmentEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n 
\"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbDataClassificationMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbDataClassificationMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n 
\"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"apiAppAuditFtpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppAuditFtpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppAuditFtpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppAuditFtpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppAuditFtpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppAuditFtpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUseManagedIdentityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUseManagedIdentityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUseManagedIdentityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUseManagedIdentityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUseManagedIdentityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUseManagedIdentityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"apiAppRequireLatestTlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRequireLatestTlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRequireLatestTlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRequireLatestTlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRequireLatestTlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRequireLatestTlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffectV2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffectV2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffectV2')]\"\r\n 
}\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAdvancedDataSecurityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAdvancedDataSecurityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAdvancedDataSecurityEmailsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"parameters\": {\r\n \"effect\": 
{\r\n \"value\": \"[parameters('sqlServerAdvancedDataSecurityEmailsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlManagedInstanceAdvancedDataSecurityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlManagedInstanceAdvancedDataSecurityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAdvancedDataSecurityEmailAdminsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceRbacEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceRbacEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"kubernetesServicePspEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServicePspEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceVersionUpToDateMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceVersionUpToDateMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceAuthorizedIPRangesEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"threatDetectionTypesOnServerMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('threatDetectionTypesOnServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"threatDetectionTypesOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('threatDetectionTypesOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveNetworkHardeningsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveNetworkHardeningsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"restrictAccessToManagementPortsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('restrictAccessToManagementPortsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"restrictAccessToAppServicesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('restrictAccessToAppServicesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableIPForwardingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableIPForwardingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"containerBenchmarkMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('containerBenchmarkMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ASCDependencyAgentAuditWindowsEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ASCDependencyAgentAuditWindowsEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ASCDependencyAgentAuditLinuxEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ASCDependencyAgentAuditLinuxEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": 
\"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit UK OFFICIAL and UK NHS controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n 
\"description\": \"This initiative includes policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n 
\"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n 
\"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablementOfEncryptionOfAutomationAccountVariables\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVMsThatDoNotUseManagedDisks\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3937f550-eedd-4639-9c5e-294358be442e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/SWIFT-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n 
\"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n 
\"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"workspaceIDsLogAnalyticsAgentShouldConnectTo\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Connected workspace IDs\",\r\n \"description\": \"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"domainNameFQDN\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Domain Name (FQDN)\",\r\n \"description\": \"The fully qualified domain name (FQDN) that the Windows VMs should be joined to\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"FunctionAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"WebApplicationShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ApiAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DDoSProtectionStandardShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesShouldBeInstalledOnYourMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AccessThroughInternetFacingEndpointShouldBeRestricted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SecureTransferToStorageAccountsShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRbacRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVMsThatDoNotUseManagedDisks\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualMachineShouldBeMigratedToNewAzureResourceManagerResources\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AutomationAccountVariablesShouldBeEncrypted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"StorageAccountsShouldBeMigratedToNewAzureResourceManagerResources\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DiagnosticLogsInAzureStreamAnalyticsShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsOnWhichTheLogAnalyticsAgentIsNotConnectedAsExpected\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsOnWhichTheLogAnalyticsAgentIsNotConnectedAsExpected\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a\",\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"value\": \"[parameters('workspaceIDsLogAnalyticsAgentShouldConnectTo')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EnsureThatSendAlertsToIsSetInSqlServerAdvancedDataSecuritySettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDependencyAgentDeploymentInVmssVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsThatAreNotJoinedToTheSpecifiedDomain\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsThatAreNotJoinedToTheSpecifiedDomain\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970\",\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"value\": \"[parameters('domainNameFQDN')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3e0c67fc-8c7c-406c-89bd-6b6bdc986a22\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit VMs with insecure password security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit PCI v3.2.1:2018 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/pciv321-init.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n 
\"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n 
\"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"previewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n 
{\r\n \"policyDefinitionReferenceId\": \"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnencryptedVmDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessThroughInternetFacingEndpointShouldBeRestricted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorVmVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditEnablementOfEncryptionOfAutomationAccountVariables\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUseOfClassicStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUseOfClassicVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditTransparentDataEncryptionStatus\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Canada Federal PBMM controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/canadafederalPBMM-blueprint\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceIdforVMReporting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n },\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n 
\"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n 
\"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CorsShouldNotAllowEveryResourceToAccessYourWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"FunctionAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"WebApplicationShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ApiAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceIdforVMreporting')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"DDoSProtectionStandardShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesShouldBeInstalledOnYourMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DiskEncryptionShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SecureTransferToStorageAccountsShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": 
\"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"4c4a5f27-de81-430b-b4e5-9cbd50595a87\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which the remote host connection status does not match the specified one\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which the remote host connection status does not match the specified one. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"host\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote Host Name\",\r\n \"description\": \"Specifies the Domain Name System (DNS) name or IP address of the remote host machine.\"\r\n }\r\n },\r\n \"port\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Port\",\r\n \"description\": \"The TCP port number on the remote host name.\"\r\n }\r\n },\r\n \"shouldConnect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Should connect to remote host\",\r\n \"description\": \"Must be 'True' or 'False'. 'True' indicates that the virtual machine should be able to establish a connection with the remote host specified, so the machine will be non-compliant if it cannot establish a connection. 'False' indicates that the virtual machine should not be able to establish a connection with the remote host specified, so the machine will be non-compliant if it can establish a connection.\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsRemoteConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a\",\r\n \"parameters\": {\r\n \"host\": {\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n \"port\": {\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n \"shouldConnect\": {\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsRemoteConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad\"\r\n }\r\n ]\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policySetDefinitions/4ddaefff-7c78-4824-9b27-5c344f3cdf90\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"4ddaefff-7c78-4824-9b27-5c344f3cdf90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that are not set to the specified time zone\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time zone\",\r\n \"description\": \"The expected time zone\"\r\n },\r\n \"allowedValues\": [\r\n \"(UTC-12:00) International Date Line West\",\r\n \"(UTC-11:00) Coordinated Universal Time-11\",\r\n \"(UTC-10:00) Aleutian Islands\",\r\n \"(UTC-10:00) Hawaii\",\r\n \"(UTC-09:30) Marquesas Islands\",\r\n \"(UTC-09:00) Alaska\",\r\n \"(UTC-09:00) Coordinated Universal Time-09\",\r\n \"(UTC-08:00) Baja California\",\r\n \"(UTC-08:00) Coordinated Universal Time-08\",\r\n \"(UTC-08:00) Pacific Time (US & Canada)\",\r\n \"(UTC-07:00) Arizona\",\r\n \"(UTC-07:00) Chihuahua, La Paz, Mazatlan\",\r\n \"(UTC-07:00) Mountain Time (US & Canada)\",\r\n \"(UTC-06:00) Central America\",\r\n \"(UTC-06:00) Central Time (US & Canada)\",\r\n \"(UTC-06:00) Easter Island\",\r\n \"(UTC-06:00) Guadalajara, Mexico City, Monterrey\",\r\n \"(UTC-06:00) Saskatchewan\",\r\n \"(UTC-05:00) Bogota, Lima, Quito, Rio Branco\",\r\n \"(UTC-05:00) Chetumal\",\r\n \"(UTC-05:00) Eastern Time (US & Canada)\",\r\n \"(UTC-05:00) Haiti\",\r\n \"(UTC-05:00) Havana\",\r\n \"(UTC-05:00) Indiana (East)\",\r\n \"(UTC-05:00) Turks and Caicos\",\r\n \"(UTC-04:00) Asuncion\",\r\n \"(UTC-04:00) Atlantic Time (Canada)\",\r\n \"(UTC-04:00) 
Caracas\",\r\n \"(UTC-04:00) Cuiaba\",\r\n \"(UTC-04:00) Georgetown, La Paz, Manaus, San Juan\",\r\n \"(UTC-04:00) Santiago\",\r\n \"(UTC-03:30) Newfoundland\",\r\n \"(UTC-03:00) Araguaina\",\r\n \"(UTC-03:00) Brasilia\",\r\n \"(UTC-03:00) Cayenne, Fortaleza\",\r\n \"(UTC-03:00) City of Buenos Aires\",\r\n \"(UTC-03:00) Greenland\",\r\n \"(UTC-03:00) Montevideo\",\r\n \"(UTC-03:00) Punta Arenas\",\r\n \"(UTC-03:00) Saint Pierre and Miquelon\",\r\n \"(UTC-03:00) Salvador\",\r\n \"(UTC-02:00) Coordinated Universal Time-02\",\r\n \"(UTC-02:00) Mid-Atlantic - Old\",\r\n \"(UTC-01:00) Azores\",\r\n \"(UTC-01:00) Cabo Verde Is.\",\r\n \"(UTC) Coordinated Universal Time\",\r\n \"(UTC+00:00) Dublin, Edinburgh, Lisbon, London\",\r\n \"(UTC+00:00) Monrovia, Reykjavik\",\r\n \"(UTC+00:00) Sao Tome\",\r\n \"(UTC+01:00) Casablanca\",\r\n \"(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna\",\r\n \"(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague\",\r\n \"(UTC+01:00) Brussels, Copenhagen, Madrid, Paris\",\r\n \"(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb\",\r\n \"(UTC+01:00) West Central Africa\",\r\n \"(UTC+02:00) Amman\",\r\n \"(UTC+02:00) Athens, Bucharest\",\r\n \"(UTC+02:00) Beirut\",\r\n \"(UTC+02:00) Cairo\",\r\n \"(UTC+02:00) Chisinau\",\r\n \"(UTC+02:00) Damascus\",\r\n \"(UTC+02:00) Gaza, Hebron\",\r\n \"(UTC+02:00) Harare, Pretoria\",\r\n \"(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius\",\r\n \"(UTC+02:00) Jerusalem\",\r\n \"(UTC+02:00) Kaliningrad\",\r\n \"(UTC+02:00) Khartoum\",\r\n \"(UTC+02:00) Tripoli\",\r\n \"(UTC+02:00) Windhoek\",\r\n \"(UTC+03:00) Baghdad\",\r\n \"(UTC+03:00) Istanbul\",\r\n \"(UTC+03:00) Kuwait, Riyadh\",\r\n \"(UTC+03:00) Minsk\",\r\n \"(UTC+03:00) Moscow, St. 
Petersburg\",\r\n \"(UTC+03:00) Nairobi\",\r\n \"(UTC+03:30) Tehran\",\r\n \"(UTC+04:00) Abu Dhabi, Muscat\",\r\n \"(UTC+04:00) Astrakhan, Ulyanovsk\",\r\n \"(UTC+04:00) Baku\",\r\n \"(UTC+04:00) Izhevsk, Samara\",\r\n \"(UTC+04:00) Port Louis\",\r\n \"(UTC+04:00) Saratov\",\r\n \"(UTC+04:00) Tbilisi\",\r\n \"(UTC+04:00) Volgograd\",\r\n \"(UTC+04:00) Yerevan\",\r\n \"(UTC+04:30) Kabul\",\r\n \"(UTC+05:00) Ashgabat, Tashkent\",\r\n \"(UTC+05:00) Ekaterinburg\",\r\n \"(UTC+05:00) Islamabad, Karachi\",\r\n \"(UTC+05:00) Qyzylorda\",\r\n \"(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi\",\r\n \"(UTC+05:30) Sri Jayawardenepura\",\r\n \"(UTC+05:45) Kathmandu\",\r\n \"(UTC+06:00) Astana\",\r\n \"(UTC+06:00) Dhaka\",\r\n \"(UTC+06:00) Omsk\",\r\n \"(UTC+06:30) Yangon (Rangoon)\",\r\n \"(UTC+07:00) Bangkok, Hanoi, Jakarta\",\r\n \"(UTC+07:00) Barnaul, Gorno-Altaysk\",\r\n \"(UTC+07:00) Hovd\",\r\n \"(UTC+07:00) Krasnoyarsk\",\r\n \"(UTC+07:00) Novosibirsk\",\r\n \"(UTC+07:00) Tomsk\",\r\n \"(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi\",\r\n \"(UTC+08:00) Irkutsk\",\r\n \"(UTC+08:00) Kuala Lumpur, Singapore\",\r\n \"(UTC+08:00) Perth\",\r\n \"(UTC+08:00) Taipei\",\r\n \"(UTC+08:00) Ulaanbaatar\",\r\n \"(UTC+08:45) Eucla\",\r\n \"(UTC+09:00) Chita\",\r\n \"(UTC+09:00) Osaka, Sapporo, Tokyo\",\r\n \"(UTC+09:00) Pyongyang\",\r\n \"(UTC+09:00) Seoul\",\r\n \"(UTC+09:00) Yakutsk\",\r\n \"(UTC+09:30) Adelaide\",\r\n \"(UTC+09:30) Darwin\",\r\n \"(UTC+10:00) Brisbane\",\r\n \"(UTC+10:00) Canberra, Melbourne, Sydney\",\r\n \"(UTC+10:00) Guam, Port Moresby\",\r\n \"(UTC+10:00) Hobart\",\r\n \"(UTC+10:00) Vladivostok\",\r\n \"(UTC+10:30) Lord Howe Island\",\r\n \"(UTC+11:00) Bougainville Island\",\r\n \"(UTC+11:00) Chokurdakh\",\r\n \"(UTC+11:00) Magadan\",\r\n \"(UTC+11:00) Norfolk Island\",\r\n \"(UTC+11:00) Sakhalin\",\r\n \"(UTC+11:00) Solomon Is., New Caledonia\",\r\n \"(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky\",\r\n \"(UTC+12:00) Auckland, Wellington\",\r\n 
\"(UTC+12:00) Coordinated Universal Time+12\",\r\n \"(UTC+12:00) Fiji\",\r\n \"(UTC+12:00) Petropavlovsk-Kamchatsky - Old\",\r\n \"(UTC+12:45) Chatham Islands\",\r\n \"(UTC+13:00) Coordinated Universal Time+13\",\r\n \"(UTC+13:00) Nuku'alofa\",\r\n \"(UTC+13:00) Samoa\",\r\n \"(UTC+14:00) Kiritimati Island\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTimeZone\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c\",\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTimeZone\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/538942d3-3fae-4fb6-9d94-744f9a51e7da\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"538942d3-3fae-4fb6-9d94-744f9a51e7da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that are not joined to the specified domain\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows 
virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Domain Name (FQDN)\",\r\n \"description\": \"The fully qualified domain name (FQDN) that the Windows VMs should be joined to\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsDomainMembership\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970\",\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsDomainMembership\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/6b3c1e80-8ae5-405b-b021-c23d13b3959f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"6b3c1e80-8ae5-405b-b021-c23d13b3959f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. 
In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n 
\"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": 
\"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit ISO 27001:2013 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/iso27001-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\",\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n 
\"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n 
\"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": 
{}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"PreviewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedWebApplicationInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablementOfEncryptionOfAutomationAccountVariables\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicStorageAccounts\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVMsThatDoNotUseManagedDisks\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows web servers that are not using secure communication protocols\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"MinimumTLSVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum TLS version\",\r\n \"description\": \"The minimum TLS protocol version that should be enabled. 
Windows web servers with lower TLS versions will be marked as non-compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"1.1\",\r\n \"1.2\"\r\n ],\r\n \"defaultValue\": \"1.1\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {\r\n \"MinimumTLSVersion\": {\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs on which the specified services are not installed and 'Running'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and 'Running'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ServiceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the services that should be installed and 'Running'. e.g. 
'WinRm;Wi*'\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsServiceStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262\",\r\n \"parameters\": {\r\n \"ServiceName\": {\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsServiceStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8eeec860-e2fa-4f89-a669-84942c57225f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8eeec860-e2fa-4f89-a669-84942c57225f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. 
This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which Windows Defender Exploit Guard is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"NotAvailableMachineState\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"State in which to show VMs on which Windows Defender Exploit Guard is not available\",\r\n \"description\": \"Windows Defender Exploit Guard is only available starting with Windows 10/Windows Server with update 1709. Setting this value to 'Non-Compliant' will make machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) non-compliant. 
Setting this value to 'Compliant' will make these machines compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"Compliant\",\r\n \"Non-Compliant\"\r\n ],\r\n \"defaultValue\": \"Non-Compliant\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsDefenderExploitGuard\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d\",\r\n \"parameters\": {\r\n \"NotAvailableMachineState\": {\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsDefenderExploitGuard\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9d2fd8e6-95c8-410d-add0-43ada4241574\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit HITRUST/HIPAA controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. https://aka.ms/hipaa-blueprint\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"installedApplicationsOnWindowsVM\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n },\r\n \"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account to deploy diagnostic settings for Network Security Groups\",\r\n \"description\": \"This prefix will be combined with the network security group location to form the created storage account name.\"\r\n }\r\n },\r\n \"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist) to deploy diagnostic settings for Network Security Groups\",\r\n \"description\": \"The resource group that the storage account will be created in. This resource group must already exist.\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Batch accounts should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL managed instance TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or 
disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Search services should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL managed instances\",\r\n \"description\": \"Audit SQL managed instances which do not have recurring vulnerability assessment scans enabled. 
Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable insecure guest logons\",\r\n \"description\": \"Specifies whether the SMB client will allow insecure guest logons to an SMB server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow simultaneous connections to the Internet or a Windows Domain\",\r\n \"description\": \"Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. 
A value of 0 allows simultaneous connections, and a value of 1 blocks them.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off multicast name resolution\",\r\n \"description\": \"Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Access through Internet facing endpoint should be restricted\",\r\n \"description\": \"Enable or disable overly permissive inbound NSG rules monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL server TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. 
TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual machines should be migrated to new Azure Resource Manager resources\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Adaptive Application Controls should be enabled on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n 
\"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths\",\r\n \"description\": \"Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\ProductOptions|#|System\\\\CurrentControlSet\\\\Control\\\\Server Applications|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths and sub-paths\",\r\n \"description\": \"Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Printers|#|System\\\\CurrentControlSet\\\\Services\\\\Eventlog|#|Software\\\\Microsoft\\\\OLAP Server|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Print|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows|#|System\\\\CurrentControlSet\\\\Control\\\\ContentIndex|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\UserConfig|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\DefaultUserConfiguration|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Perflib|#|System\\\\CurrentControlSet\\\\Services\\\\SysmonLog\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Shares that can be accessed anonymously\",\r\n \"description\": \"Specifies which network shares can be accessed by anonymous 
users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for Web Application\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App V2\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled accounts with write permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Just-In-Time network access control should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": 
\"MFA should be enabled on accounts with owner permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"kubernetesServiceRbacEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Role-Based Access Control (RBAC) should be used on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without RBAC enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"restrictAccessToManagementPortsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Management ports should be closed on your virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of open management ports on Virtual Machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\r\n \"description\": \"Enable or disable virtual machine scale sets OS vulnerabilities monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Event Hub should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": 
\"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"vmssSystemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates on virtual machine scale sets should be installed\",\r\n \"description\": \"Enable or disable virtual machine scale sets reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Virtual Machine Scale Sets should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates should be installed on your machines\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Accounts: Guest account status\",\r\n \"description\": \"Specifies whether the local Guest account is disabled.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery console: 
Allow floppy copy and access to all drives and all folders\",\r\n \"description\": \"Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit: Shut down system immediately if unable to log security audits\",\r\n \"description\": \"Audits if the system will shut down when unable to log Security events.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Process Termination\",\r\n \"description\": \"Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. 
The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n 
\"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall 
(Public): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Domain: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Private: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Public: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"CertificateThumbprints\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\\\LocalMachine\\\\Root). e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RequireencryptiononDataLakeStoreaccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n 
\"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplicationsOnWindowsVM')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3\",\r\n \"parameters\": {\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505\",\r\n \"parameters\": {\r\n \"AuditProcessTermination\": {\r\n \"value\": \"[parameters('DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentMonitoring\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8\",\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploynetworkwatcherwhenvirtualnetworksarecreated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Audit_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9\",\r\n \"parameters\": {\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"value\": 
\"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployDiagnosticSettingsforNetworkSecurityGroups\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('DeployDiagnosticSettingsforNetworkSecurityGroupsrgName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a\",\r\n \"parameters\": {\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"Audit_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5\",\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffectV2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceRbacEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceRbacEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3\",\r\n \"parameters\": {\r\n \"AccountsGuestAccountStatus\": {\r\n \"value\": \"[parameters('DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"restrictAccessToManagementPortsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('restrictAccessToManagementPortsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"vmssOsVulnerabilitiesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssOsVulnerabilitiesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssSystemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssSystemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\",\r\n \"parameters\": {\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"value\": 
\"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a169a624-5599-4385-a696-c8d643089fab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows Server VMs on which Windows Serial Console is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"EMSPortNumber\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Port Number\",\r\n \"description\": \"An integer indicating the COM port to be used for the Emergency Management Services (EMS) console redirection. For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Baud Rate\",\r\n \"description\": \"An integer indicating the baud rate to be used for the Emergency Management Services (EMS) console redirection. 
For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"9600\",\r\n \"19200\",\r\n \"38400\",\r\n \"57600\",\r\n \"115200\"\r\n ],\r\n \"defaultValue\": \"115200\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsSerialConsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0\",\r\n \"parameters\": {\r\n \"EMSPortNumber\": {\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsSerialConsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/acb6cd8e-45f5-466f-b3cb-ff6fce525f71\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"acb6cd8e-45f5-466f-b3cb-ff6fce525f71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs in which the Administrators group contains any of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AdministratorsGroupMembersToExclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AdministratorsGroupMembersToExclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"add1999e-a61c-46d3-b8c3-f35fb8398175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that contain certificates expiring within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"CertificateStorePath\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate store path\",\r\n \"description\": \"The path to the certificate store containing the certificates to check the expiration dates of. Default value is 'Cert:' which is the root certificate store path, so all certificates on the machine will be checked. 
Other example paths: 'Cert:\\\\LocalMachine', 'Cert:\\\\LocalMachine\\\\TrustedPublisher', 'Cert:\\\\CurrentUser'\"\r\n },\r\n \"defaultValue\": \"Cert:\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expiration limit in days\",\r\n \"description\": \"An integer indicating the number of days within which to check for certificates that are expiring. For example, if this value is 30, any certificate expiring within the next 30 days will cause this policy to be non-compliant.\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to include\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to check under the specified path. If a value is not specified, all certificates under the certificate store path will be checked. If a value is specified, no certificates other than those with the thumbprints specified will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to exclude\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Include expired certificates\",\r\n \"description\": \"Must be 'true' or 'false'. True indicates that any found certificates that have already expired will also make this policy non-compliant. 
False indicates that certificates that have expired will be be ignored.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_CertificateExpiration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8\",\r\n \"parameters\": {\r\n \"CertificateStorePath\": {\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_CertificateExpiration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/b6f5e05c-0aaa-4337-8dd4-357c399d12ae\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b6f5e05c-0aaa-4337-8dd4-357c399d12ae\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that have not restarted within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that have not restarted within the specified number of days. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"NumberOfDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Number of days\",\r\n \"description\": \"The number of days without restart until the machine is considered non-compliant\"\r\n },\r\n \"defaultValue\": \"12\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MachineLastBootUpTime\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\r\n \"parameters\": {\r\n \"NumberOfDays\": {\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MachineLastBootUpTime\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b8b5b0a8-b809-4e5d-8082-382c686e35b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which the DSC configuration is not compliant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsDscConfiguration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsDscConfiguration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c58599d5-0d51-454f-aaf1-da18a5e76edd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c58599d5-0d51-454f-aaf1-da18a5e76edd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Linux VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Linux virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs with a pending reboot\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines with a pending reboot. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsPendingReboot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsPendingReboot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c96b2a9c-6fab-4ac2-ae21-502143491cd4\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c96b2a9c-6fab-4ac2-ae21-502143491cd4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that do not have the specified Windows PowerShell modules installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified Windows PowerShell modules installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"Modules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Modules\",\r\n \"description\": \"A semicolon-separated list of the names of the PowerShell modules that should be installed. You may also specify a specific version of a module that should be installed by including a comma after the module name, followed by the desired version. e.g. 
PSDscResources; SqlServerDsc, 12.0.0.0; ComputerManagementDsc, 6.1.0.0\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsPowerShellModules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf\",\r\n \"parameters\": {\r\n \"Modules\": {\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsPowerShellModules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c980fd64-c67f-49a6-a8a8-e57661150802\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c980fd64-c67f-49a6-a8a8-e57661150802\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that do not contain the specified certificates in Trusted Root\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\\\\LocalMachine\\\\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\\\LocalMachine\\\\Root). e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5\",\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/cdfcc6ff-945e-4bc6-857e-056cbc511e0c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cdfcc6ff-945e-4bc6-857e-056cbc511e0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/nist80053-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceIdforVMReporting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace ID for VM agent reporting\"\r\n }\r\n },\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n 
\"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n 
\"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users excluded from Windows VM Administrators group\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users that must be included in Windows VM Administrators group\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceIdforVMreporting')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAFunctionApp\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAnAPIApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\",\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\",\r\n \"NIST_SP_800-53_R4_SI-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n 
{\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\",\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\",\r\n \"NIST_SP_800-53_R4_SI-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(2)\",\r\n \"NIST_SP_800-53_R4_CM-7(5)\",\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(12)\",\r\n \"NIST_SP_800-53_R4_SC-7(3)\",\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n 
},\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLManagedInstancesWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-16\",\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SC-28(1)\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServersWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-16\",\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n 
\"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SC-28(1)\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\",\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1000\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1001\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1002\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1003\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1004\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1005\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1006\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1007\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1008\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1009\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1010\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1011\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1012\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1013\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1014\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1015\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1016\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1017\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1018\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1019\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1020\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1021\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1022\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1023\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1024\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1025\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1026\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(13)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1027\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1028\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1029\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1030\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4(21)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1031\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1032\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1033\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1034\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1035\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1036\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1037\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1038\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1039\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1040\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1041\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(8)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1042\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1043\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1044\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1045\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1046\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1047\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1048\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1049\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1050\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1051\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1052\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1053\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-11(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1054\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1055\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1057\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1058\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1059\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1060\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1061\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1062\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1063\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(3)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1064\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1065\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1066\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1067\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1068\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1069\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1070\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1071\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1072\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1073\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1074\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1075\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-19(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1076\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1077\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1078\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1079\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1080\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1081\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-21\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1082\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-21\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1083\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1084\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1085\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1086\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1087\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1088\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1089\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1090\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1091\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1092\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1093\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1094\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1095\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1096\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1097\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1098\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1099\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1100\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1101\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1102\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1103\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1104\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1105\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1106\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1107\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1109\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1111\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1112\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1113\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1114\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1115\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1116\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1117\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1119\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1120\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1122\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1123\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1124\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1125\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1126\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1127\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1128\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1129\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1130\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1131\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1132\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1133\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1135\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1136\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1137\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1138\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1139\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1140\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1141\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1142\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1143\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1144\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1145\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1146\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1147\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1148\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1149\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1150\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1151\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1152\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1153\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1154\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1155\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1156\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1157\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1158\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1159\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1160\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1161\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1162\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1163\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1165\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1166\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1167\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1168\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1169\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1170\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1171\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1172\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1173\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-9\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1174\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1175\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1176\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1177\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1178\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1179\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1180\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1181\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1182\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1183\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1184\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1185\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1186\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1187\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1188\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1189\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1190\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1191\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1192\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1193\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1194\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1195\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1196\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1197\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1198\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1199\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1200\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1201\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1202\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1203\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1204\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1205\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1206\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1207\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1208\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1209\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1210\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1211\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1212\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1213\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1214\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1215\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1216\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1217\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1218\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1219\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1220\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1221\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1222\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1223\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1224\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1225\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1226\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1227\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1228\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1229\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1230\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1231\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1233\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1234\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1235\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1236\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1237\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1238\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1239\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1240\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1241\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1242\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1243\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1244\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1245\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1246\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1247\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1248\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1249\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1250\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1251\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1252\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1253\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1254\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1255\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1256\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1257\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1258\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1259\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1260\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1261\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1262\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1263\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1264\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1265\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1266\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1267\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1268\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1269\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1270\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1271\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1272\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1273\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1274\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1275\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1276\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1277\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1278\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1279\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1280\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1281\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1282\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1283\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(3)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1284\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1285\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1286\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1287\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1288\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1289\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1290\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1291\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1292\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1293\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1294\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1295\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1296\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-10(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1297\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-10(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1298\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1299\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1300\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1301\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1302\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1303\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1304\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1305\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1306\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1307\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1308\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1309\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1310\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1311\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1312\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1313\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1314\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1315\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1316\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1317\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1318\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1319\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1320\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1321\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1322\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1323\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1324\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1325\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1326\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1327\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1328\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1329\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1330\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1331\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1332\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1333\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1334\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1335\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1336\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1337\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1338\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1339\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1340\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1341\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1342\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1343\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(13)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1344\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1345\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1346\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1347\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1348\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1349\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1350\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1351\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1352\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1353\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1354\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1355\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1356\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1357\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1358\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1359\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1360\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1361\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1362\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1363\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1364\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1366\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1367\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1368\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1369\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1370\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1371\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1372\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1373\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1374\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1375\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1376\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1377\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1378\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1379\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1380\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1381\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1383\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1384\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1385\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1386\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1387\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1388\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1389\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1390\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1391\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1392\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1393\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1394\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1395\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1396\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1397\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1398\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1399\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1400\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1401\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1402\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1403\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1404\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1405\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1406\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1407\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1408\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1409\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1410\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1411\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1412\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1414\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1415\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1416\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1417\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1418\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1419\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1420\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1421\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1422\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1423\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1424\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1425\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1426\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1427\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1428\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1429\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1430\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1431\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1432\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1434\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1435\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1436\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1437\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1438\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1439\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1440\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1441\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1442\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1443\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1444\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-7(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1445\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1446\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1447\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1448\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1449\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1450\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1451\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1452\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1453\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1455\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1456\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1457\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1458\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1459\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1460\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1461\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1462\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1463\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1464\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1465\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1466\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-8\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1467\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1468\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1469\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1470\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1471\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1472\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1473\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1474\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-11(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1475\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1476\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1477\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1478\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1479\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1480\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1481\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1482\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-14(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1483\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1484\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-15(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1485\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-16\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1486\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1487\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1488\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1489\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1490\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1491\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1492\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1493\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1494\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1495\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1496\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1497\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1498\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1499\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1500\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1501\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1502\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1503\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1504\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1505\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1506\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1507\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1508\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1509\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1510\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1511\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1512\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1513\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1514\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1515\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1516\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1517\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1518\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1519\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1520\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1521\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1522\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1523\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1524\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1525\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1526\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1527\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1528\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1529\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1530\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1531\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1532\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1533\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1534\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1535\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1536\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1537\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1538\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1539\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ACF1540\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1541\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1543\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1544\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1545\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1546\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1547\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1548\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1550\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1551\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1552\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1553\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1554\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1555\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1556\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1557\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1558\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1559\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1560\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1561\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-2\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1562\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1563\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1564\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1565\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1566\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1567\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1568\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1569\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1570\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1571\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1572\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1573\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1574\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1575\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1576\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1577\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1578\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1579\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1580\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1581\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1582\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1583\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1584\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1585\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1586\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1587\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1588\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1589\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1590\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1591\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1592\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1593\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1594\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1595\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1596\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1597\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1598\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1599\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1600\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1601\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1602\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1603\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1604\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1605\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1606\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1607\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1608\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1609\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1610\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1611\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-16\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1612\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1613\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1615\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1616\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1617\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1618\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1619\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1620\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1621\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1622\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1623\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1624\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1625\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1626\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1627\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1628\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1629\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1630\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1631\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1632\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1633\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1634\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1635\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1636\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(13)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1637\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(18)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1638\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(20)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1639\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(21)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1640\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1641\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1642\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1643\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1645\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1646\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1647\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-13\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1648\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1649\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1650\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1651\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1652\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1653\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1654\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1655\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1656\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-20\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1657\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-20\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1658\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-21\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1659\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1660\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-23\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1661\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-23(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1662\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-24\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1663\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1664\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1665\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-39\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1666\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1667\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1668\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1669\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1670\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1671\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1672\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1673\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1674\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1675\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1676\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1677\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1678\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1679\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1680\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1681\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1682\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1683\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1684\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1685\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1686\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1687\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1688\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1689\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1690\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1691\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1692\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1693\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1694\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1695\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(14)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1696\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(16)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1697\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(18)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1698\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(19)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1699\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(20)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1700\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(22)\"\r\n ]\r\n 
},\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1701\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(23)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1702\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(24)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1703\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1704\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1705\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1706\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1707\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1708\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1709\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1710\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1711\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1712\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1713\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1714\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1715\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1716\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1717\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(14)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1718\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(14)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1719\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1720\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1722\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8(2)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1723\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1724\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1725\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1726\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1727\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-16\"\r\n ]\r\n }\r\n ],\r\n \"policyDefinitionGroups\": [\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-11\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-12(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-14\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_ AC-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(3)\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-19(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-19\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(12)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(13)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_AC-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-20(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-20(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-20\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-21\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-22\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_AC-4(21)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-4(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(9)\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-3(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-1\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-12(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-12(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-5(1)\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-7\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_CA-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-3(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-7(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_CM-10(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-6\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-1\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-10(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-10(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_CP-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_CP-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(12)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-4(4)\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(13)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-6\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-3\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_IR-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_MA-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_MP-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-5(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_PE-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-14(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-14\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-15(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-15\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_PE-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-18\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-6(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_PE-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_PS-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_RA-5(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-10(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-15\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-13\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-15\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-18\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-19\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-20\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-21\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-22\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-23(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_SC-23\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-24\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-28(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-28\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-39\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(12)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(13)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(18)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(20)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(21)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-1\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(14)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(16)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(18)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(19)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(20)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(22)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(23)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(24)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_SI-4(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(14)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_SI-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that do not match Azure security baseline settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable insecure guest logons\",\r\n \"description\": \"Specifies whether the SMB client will allow insecure guest logons to an SMB server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow simultaneous connections to the Internet or a Windows Domain\",\r\n \"description\": \"Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. 
A value of 0 allows simultaneous connections, and a value of 1 blocks them.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off multicast name resolution\",\r\n \"description\": \"Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AlwaysUseClassicLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always use classic logon\",\r\n \"description\": \"Specifies whether to force the user to log on to the computer using the classic logon screen. This setting only works when the computer is not on a domain.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Boot-Start Driver Initialization Policy\",\r\n \"description\": \"Specifies which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Windows NTP Client\",\r\n \"description\": \"Specifies whether the Windows NTP Client is enabled. 
Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn on convenience PIN sign-in\",\r\n \"description\": \"Specifies whether a domain user can sign in using a convenience PIN.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AccountsGuestAccountStatus\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Accounts: Guest account status\",\r\n \"description\": \"Specifies whether the local Guest account is disabled.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit: Shut down system immediately if unable to log security audits\",\r\n \"description\": \"Audits if the system will shut down when unable to log Security events.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Devices: Allowed to format and eject removable media\",\r\n \"description\": \"Specifies who is allowed to format and eject removable NTFS media. 
You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB client component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Send unencrypted password to third-party SMB servers\",\r\n \"description\": \"Specifies whether the SMB redirector will send plaintext passwords during authentication to third-party SMB servers that do not support password encryption. It is recommended that you disable this policy setting unless there is a strong business case to enable it.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Amount of idle time required before suspending session\",\r\n \"description\": \"Specifies the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. 
The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,15\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB server component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Disconnect clients when logon hours expire\",\r\n \"description\": \"Specifies whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. If you enable this policy setting you should also enable 'Network security: Force logoff when logon hours expire'\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths\",\r\n \"description\": \"Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\ProductOptions|#|System\\\\CurrentControlSet\\\\Control\\\\Server Applications|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths and sub-paths\",\r\n \"description\": \"Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or 
groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Printers|#|System\\\\CurrentControlSet\\\\Services\\\\Eventlog|#|Software\\\\Microsoft\\\\OLAP Server|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Print|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows|#|System\\\\CurrentControlSet\\\\Control\\\\ContentIndex|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\UserConfig|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\DefaultUserConfiguration|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Perflib|#|System\\\\CurrentControlSet\\\\Services\\\\SysmonLog\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Shares that can be accessed anonymously\",\r\n \"description\": \"Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security: Configure encryption types allowed for Kerberos\",\r\n \"description\": \"Specifies the encryption types that Kerberos is allowed to use.\"\r\n },\r\n \"defaultValue\": \"2147483644\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LAN Manager authentication level\",\r\n \"description\": \"Specify which challenge-response authentication protocol is used for network logons. 
This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers.\"\r\n },\r\n \"defaultValue\": \"5\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LDAP client signing requirements\",\r\n \"description\": \"Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\",\r\n \"description\": \"Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers\",\r\n \"description\": \"Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). 
The SSP Interface (SSPI) is used by applications that need authentication services.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n },\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery console: Allow floppy copy and access to all drives and all folders\",\r\n \"description\": \"Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Allow system to be shut down without having to log on\",\r\n \"description\": \"Specifies whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon screen.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Clear virtual memory pagefile\",\r\n \"description\": \"Specifies whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down properly. 
For systems with large amounts of RAM, this could result in substantial time needed to complete the shutdown.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies\",\r\n \"description\": \"Specifies whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). For certificate rules to take effect in software restriction policies, you must enable this policy setting.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Admin Approval Mode for the Built-in Administrator account\",\r\n \"description\": \"Specifies the behavior of Admin Approval Mode for the built-in Administrator account.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of the elevation prompt for administrators.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Detect application installations and prompt for elevation\",\r\n \"description\": \"Specifies the behavior of application installation detection for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Run all administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of all User Account Control (UAC) policy settings for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"EnforcePasswordHistory\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enforce password history\",\r\n \"description\": \"Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated.\"\r\n },\r\n \"defaultValue\": \"24\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Maximum password age\",\r\n \"description\": \"Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,70\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password age\",\r\n \"description\": \"Specifies the minimum number of days that must elapse before a user account password can be changed.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password length\",\r\n \"description\": \"Specifies the minimum number of characters that a user account password may contain.\"\r\n },\r\n \"defaultValue\": \"14\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Password must meet complexity requirements\",\r\n \"description\": \"Specifies whether a user account password must be complex. 
If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AuditCredentialValidation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Credential Validation\",\r\n \"description\": \"Specifies whether audit events are generated when credentials are submitted for a user account logon request. This setting is especially useful for monitoring unsuccessful attempts, to find brute-force attacks, account enumeration, and potential account compromise events on domain controllers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success and Failure\"\r\n },\r\n \"AuditProcessTermination\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Process Termination\",\r\n \"description\": \"Specifies whether audit events are generated when a process has exited. 
Recommended for monitoring termination of critical processes.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditGroupMembership\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Group Membership\",\r\n \"description\": \"Specifies whether audit events are generated when group memberships are enumerated on the client computer.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n },\r\n \"AuditDetailedFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Detailed File Share\",\r\n \"description\": \"If this policy setting is enabled, access to all shared files and folders on the system is audited. Auditing for Success can lead to very high volumes of events.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File Share\",\r\n \"description\": \"Specifies whether to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks. Event volumes can be high on DCs and File Servers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File System\",\r\n \"description\": \"Specifies whether audit events are generated when users attempt to access file system objects. 
Audit events are generated only for objects that have configured system access control lists (SACLs).\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authentication Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authorization Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditOtherSystemEvents\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Other System Events\",\r\n \"description\": \"Specifies whether audit events are generated for Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n 
\"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may access this computer from the network\",\r\n \"description\": \"Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection.\"\r\n },\r\n \"defaultValue\": \"Administrators, Authenticated Users\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on locally\",\r\n \"description\": \"Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance.\"\r\n },\r\n \"defaultValue\": \"Administrators, Remote Desktop Users\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied access to this computer from the network\",\r\n \"description\": \"Specifies which users or groups are explicitly prohibited from connecting to the computer across the network.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may manage auditing and security log\",\r\n \"description\": \"Specifies users and groups permitted to change the auditing options for files and directories and clear the Security 
log.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may back up files and directories\",\r\n \"description\": \"Specifies users and groups allowed to circumvent file and directory permissions to back up the system.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup Operators\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the system time\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time and date on the internal clock of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the time zone\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time zone of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may create a token object\",\r\n \"description\": \"Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data.\"\r\n },\r\n \"defaultValue\": \"No One\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a batch job\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. 
scheduled task).\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a service\",\r\n \"description\": \"Specifies which service accounts are explicitly not permitted to register a process as a service.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied local logon\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"User and groups that may force shutdown from a remote system\",\r\n \"description\": \"Specifies which users and groups are permitted to shut down the computer from a remote location on the network.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may restore files and directories\",\r\n \"description\": \"Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup 
Operators\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may shut down the system\",\r\n \"description\": \"Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may take ownership of files or other objects\",\r\n \"description\": \"Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Send file samples when further analysis is required\",\r\n \"description\": \"Specifies whether and how Windows Defender will submit samples of suspected malware to Microsoft for further analysis when opt-in for MAPS telemetry is set.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow indexing of encrypted files\",\r\n \"description\": \"Specifies whether encrypted items are allowed to be indexed.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow Telemetry\",\r\n \"description\": \"Specifies configuration of the amount of diagnostic and usage data reported to Microsoft. 
The data is transmitted securely and sensitive data is not sent.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow unencrypted traffic\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always install with elevated privileges\",\r\n \"description\": \"Specifies whether Windows Installer should use system permissions when it installs any program on the system.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always prompt for password upon connection\",\r\n \"description\": \"Specifies whether Terminal Services/Remote Desktop Connection always prompts the client computer for a password upon connection.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Application event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Automatically send memory dumps for OS-generated error reports\",\r\n \"description\": \"Specifies if memory dumps in support of OS-generated error reports can be sent to Microsoft automatically.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Default consent\",\r\n \"description\": \"Specifies setting of 
the default consent handling for error reports sent to Microsoft.\"\r\n },\r\n \"defaultValue\": \"4\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Windows SmartScreen\",\r\n \"description\": \"Specifies how to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow Digest authentication\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) client will not use Digest authentication.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow WinRM from storing RunAs credentials\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Do not allow passwords to be saved\",\r\n \"description\": \"Specifies whether to prevent Remote Desktop Services - Terminal Services clients from saving passwords on a computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Security: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Security event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"196608\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Set client connection encryption level\",\r\n \"description\": \"Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Set the default behavior for AutoRun\",\r\n \"description\": \"Specifies the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Setup: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Setup event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the System event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off Data Execution Prevention for Explorer\",\r\n \"description\": \"Specifies whether to turn off Data Execution Prevention for Windows File Explorer. 
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Specify the interval to check for definition updates\",\r\n \"description\": \"Specifies an interval at which to check for Windows Defender definition updates. The time value is represented as the number of hours between update checks.\"\r\n },\r\n \"defaultValue\": \"8\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. 
The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n 
\"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall 
(Public): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Domain: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Private: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Public: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8\",\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899\",\r\n \"parameters\": {\r\n \"AlwaysUseClassicLogon\": {\r\n \"value\": \"[parameters('AlwaysUseClassicLogon')]\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"value\": \"[parameters('BootStartDriverInitializationPolicy')]\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"value\": \"[parameters('EnableWindowsNTPClient')]\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"value\": \"[parameters('TurnOnConveniencePINSignin')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3\",\r\n \"parameters\": {\r\n \"AccountsGuestAccountStatus\": {\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3\",\r\n \"parameters\": {\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsDevices\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\r\n \"parameters\": {\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"value\": \"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652\",\r\n \"parameters\": {\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"value\": 
\"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a\",\r\n \"parameters\": {\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\r\n \"parameters\": {\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"value\": \"[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"value\": \"[parameters('NetworkSecurityLANManagerAuthenticationLevel')]\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"value\": \"[parameters('NetworkSecurityLDAPClientSigningRequirements')]\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]\"\r\n },\r\n 
\"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\",\r\n \"parameters\": {\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsShutdown\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\r\n \"parameters\": {\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"value\": \"[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"value\": \"[parameters('ShutdownClearVirtualMemoryPagefile')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5\",\r\n \"parameters\": {\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsUserAccountControl\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc\",\r\n \"parameters\": {\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"value\": \"[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"value\": \"[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"value\": \"[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"value\": \"[parameters('UACRunAllAdministratorsInAdminApprovalMode')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c\",\r\n \"parameters\": {\r\n \"EnforcePasswordHistory\": {\r\n \"value\": \"[parameters('EnforcePasswordHistory')]\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"value\": \"[parameters('MaximumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"value\": \"[parameters('MinimumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"value\": \"[parameters('MinimumPasswordLength')]\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"value\": \"[parameters('PasswordMustMeetComplexityRequirements')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65\",\r\n \"parameters\": {\r\n \"AuditCredentialValidation\": {\r\n \"value\": \"[parameters('AuditCredentialValidation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505\",\r\n \"parameters\": {\r\n \"AuditProcessTermination\": {\r\n \"value\": \"[parameters('AuditProcessTermination')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\r\n \"parameters\": {\r\n \"AuditGroupMembership\": {\r\n \"value\": \"[parameters('AuditGroupMembership')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a\",\r\n \"parameters\": {\r\n \"AuditDetailedFileShare\": {\r\n \"value\": \"[parameters('AuditDetailedFileShare')]\"\r\n },\r\n \"AuditFileShare\": {\r\n \"value\": \"[parameters('AuditFileShare')]\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"value\": \"[parameters('AuditFileSystem')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13\",\r\n \"parameters\": {\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthenticationPolicyChange')]\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthorizationPolicyChange')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Deploy_AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\r\n \"parameters\": {\r\n \"AuditOtherSystemEvents\": {\r\n \"value\": \"[parameters('AuditOtherSystemEvents')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_UserRightsAssignment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24\",\r\n \"parameters\": {\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": 
{\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_WindowsComponents\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24\",\r\n \"parameters\": {\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"value\": \"[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"value\": \"[parameters('AllowIndexingOfEncryptedFiles')]\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"value\": \"[parameters('AllowTelemetry')]\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"value\": \"[parameters('AllowUnencryptedTraffic')]\"\r\n },\r\n 
\"AlwaysInstallWithElevatedPrivileges\": {\r\n \"value\": \"[parameters('AlwaysInstallWithElevatedPrivileges')]\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"value\": \"[parameters('AlwaysPromptForPasswordUponConnection')]\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"value\": \"[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"value\": \"[parameters('ConfigureDefaultConsent')]\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"value\": \"[parameters('ConfigureWindowsSmartScreen')]\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"value\": \"[parameters('DisallowDigestAuthentication')]\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"value\": \"[parameters('DisallowWinRMFromStoringRunAsCredentials')]\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"value\": \"[parameters('DoNotAllowPasswordsToBeSaved')]\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"value\": \"[parameters('SetClientConnectionEncryptionLevel')]\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"value\": \"[parameters('SetTheDefaultBehaviorForAutoRun')]\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"value\": \"[parameters('TurnOffDataExecutionPreventionForExplorer')]\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"value\": 
\"[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9\",\r\n \"parameters\": {\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": 
{\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAccounts\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsDevices\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Audit_AzureBaseline_SecurityOptionsShutdown\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsUserAccountControl\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_UserRightsAssignment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_WindowsComponents\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d618d658-b2d0-410e-9e2e-bfbfd04d09fa\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d618d658-b2d0-410e-9e2e-bfbfd04d09fa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that have the 
specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit FedRAMP Moderate controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of FedRAMP M controls. 
Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/fedrampm-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n },\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n 
\"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n 
\"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"membersToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"membersToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CorsShouldNotAllowEveryResourceToAccessYourWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"FunctionAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"WebApplicationShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ApiAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DDoSProtectionStandardShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesShouldBeInstalledOnYourMachines\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DiskEncryptionShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypes')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"membersToExclude\": {\r\n \"value\": \"[parameters('membersToExclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"membersToInclude\": {\r\n \"value\": \"[parameters('membersToInclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e95f5a9f-57ad-4d03-bb0b-b1d16db93693\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that do not have the specified Windows 
PowerShell execution policy\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ExecutionPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Execution Policy\",\r\n \"description\": \"The expected PowerShell execution policy.\"\r\n },\r\n \"allowedValues\": [\r\n \"AllSigned\",\r\n \"Bypass\",\r\n \"Default\",\r\n \"RemoteSigned\",\r\n \"Restricted\",\r\n \"Undefined\",\r\n \"Unrestricted\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsPowerShellExecutionPolicy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615\",\r\n \"parameters\": {\r\n \"ExecutionPolicy\": {\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsPowerShellExecutionPolicy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f000289c-47af-4043-87da-91ba9e1a2720\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f000289c-47af-4043-87da-91ba9e1a2720\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Linux VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Linux virtual machines that have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Test Modify initiative\",\r\n \"policyType\": \"Custom\",\r\n \"metadata\": {\r\n \"createdBy\": \"0dc80135-ae53-4da3-8695-220a2d93aad8\",\r\n \"createdOn\": \"2019-08-29T00:36:36.3227701Z\",\r\n \"updatedBy\": \"0dc80135-ae53-4da3-8695-220a2d93aad8\",\r\n \"updatedOn\": \"2019-08-29T00:44:27.7479878Z\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"8044870099827093134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"2352795843478363616\",\r\n 
\"policyDefinitionId\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyDefinitions/robgaTestModify\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55afae72-7df0-417b-9eb7-f756576c854a\"\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs in which the Administrators group does not contain only the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"Members\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members\",\r\n \"description\": \"A semicolon-separated list of all the expected members of the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AdministratorsGroupMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b821191b-3a12-44bc-9c38-212138a29ff3\",\r\n \"parameters\": {\r\n \"Members\": {\r\n \"value\": \"[parameters('Members')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AdministratorsGroupMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cc7cda28-f867-4311-8497-a526129a8d19\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/06122b01-688c-42a8-af2e-fa97dd39aa3b\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"06122b01-688c-42a8-af2e-fa97dd39aa3b\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which the Log Analytics agent is not connected as expected\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Connected workspace IDs\",\r\n \"description\": \"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsLogAnalyticsAgentConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a\",\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"value\": \"[parameters('WorkspaceId')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsLogAnalyticsAgentConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/06c5e415-a662-463a-bb85-ede14286b979\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"06c5e415-a662-463a-bb85-ede14286b979\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit IRS1075 September 2016 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/irs1075-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceIdforVMReporting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace ID for VM agent reporting\"\r\n }\r\n },\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n 
\"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n 
\"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users excluded from Windows VM Administrators group\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users that must be included in Windows VM Administrators group\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceIdforVMreporting')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAnAPIApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n 
},\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLManagedInstancesWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServersWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"AuditTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": 
\"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"105e0327-6175-4eb2-9af4-1fba43bdb39d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs in which the Administrators group does not contain all of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AdministratorsGroupMembersToInclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('MembersToInclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AdministratorsGroupMembersToInclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/133046de-0bd7-4546-93f4-f452e9e258b7\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"133046de-0bd7-4546-93f4-f452e9e258b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit CIS Microsoft Azure Foundations Benchmark 1.1.0 recommendations and deploy specific supporting VM Extensions\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/cisazure-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfRegionsWhereNetworkWatcherShouldBeEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of regions where Network Watcher should be enabled\",\r\n \"description\": \"To see a complete list of regions use Get-AzLocation\",\r\n \"strongType\": \"location\"\r\n },\r\n \"defaultValue\": [\r\n \"eastus\"\r\n ]\r\n },\r\n \"listOfApprovedVMExtensions\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of virtual machine extensions that are approved for use\",\r\n \"description\": \"To see a complete list of virtual machine extensions, use Get-AzVMExtensionImage\"\r\n },\r\n \"defaultValue\": [\r\n \"AzureDiskEncryption\",\r\n \"AzureDiskEncryptionForLinux\",\r\n \"DependencyAgentWindows\",\r\n \"DependencyAgentLinux\",\r\n \"IaaSAntimalware\",\r\n \"IaaSDiagnostics\",\r\n \"LinuxDiagnostic\",\r\n \"MicrosoftMonitoringAgent\",\r\n \"NetworkWatcherAgentLinux\",\r\n \"NetworkWatcherAgentWindows\",\r\n \"OmsAgentForLinux\",\r\n \"VMSnapshot\",\r\n \"VMSnapshotLinux\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x1m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x3\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x3m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x3mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x1x23\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x3CISv110x7x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x5CISv110x7x6\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x6CISv110x7x1CISv110x7x2\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x8\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x9\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x9m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x10\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x12\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x13\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x14CISv110x4x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x15CISv110x4x9\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x16\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x17\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x18\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x2x19\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x3x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x3x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x3x8\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x3\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x4m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x5m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x6\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x6m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x7m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x8\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x10\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x10m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x11\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x12\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x13\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x14\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x15\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x16\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x4x17\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x1\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x3\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x5x1x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x6x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\",\r\n \"parameters\": {\r\n \"listOfLocations\": {\r\n \"value\": \"[parameters('listOfRegionsWhereNetworkWatcherShouldBeEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x7x3\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x7x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432\",\r\n \"parameters\": {\r\n \"approvedExtensions\": {\r\n \"value\": 
\"[parameters('listOfApprovedVMExtensions')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x8x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x8x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x2\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x3\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x3m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x3mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x4\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x4m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x4mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"CISv110x9x5\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86d97760-d216-4d81-a3ad-163087b2b6c3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x5m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0473e7a-a1ba-4e86-afb2-e829e11b01d8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x5mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa81768c-cb87-4ce2-bfaa-00baa10d760c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x6\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c2e7ca55-f62c-49b2-89a4-d41eb661d2f0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x6m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/10c1859c-e1a7-4df3-ab97-a487fa8059f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x6mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/843664e0-7563-41ee-a9cb-7522c382d2c4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x7\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x7m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ab965db2-d2bf-4b64-8b39-c38ec8179461\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x7mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x8\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x8m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x8mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x9\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x9m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x9mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x10\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x10m\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CISv110x9x10mm\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d\",\r\n 
\"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1a5bb27d-173f-493e-9568-eb56638dde4d\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Monitoring in Azure Security Center\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {\r\n \"vmssSystemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates on virtual machine scale sets should be installed\",\r\n \"description\": \"Enable or disable virtual machine scale sets reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vmssEndpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Endpoint protection solution should be installed on virtual machine scale sets\",\r\n \"description\": \"Enable or disable virtual machine scale sets endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\r\n \"description\": \"Enable or disable virtual machine scale sets OS vulnerabilities monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates should be installed on your machines\",\r\n \"description\": \"Enable 
or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your machines should be remediated\",\r\n \"description\": \"Enable or disable OS vulnerabilities monitoring (based on a configured baseline)\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor missing Endpoint Protection in Azure Security Center\",\r\n \"description\": \"Enable or disable endpoint protection monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"networkSecurityGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor network security groups\",\r\n \"description\": \"[Deprecated] Enable or disable monitoring of network security groups with permissive rules\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"networkSecurityGroupsOnSubnetsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security Groups on the subnet level should be enabled\",\r\n 
\"description\": \"Enable or disable monitoring of NSGs on subnets\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"networkSecurityGroupsOnVirtualMachinesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security Groups for virtual machines should be enabled\",\r\n \"description\": \"Enable or disable monitoring of NSGs on VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webApplicationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"The NSGs rules for web applications on IaaS should be hardened\",\r\n \"description\": \"Enable or disable the monitoring of unprotected web applications\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Access through Internet facing endpoint should be restricted\",\r\n \"description\": \"Enable or disable overly permissive inbound NSG rules monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"serverVulnerabilityAssessmentEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"[Preview] Vulnerability 
Assessment should be enabled on Virtual Machines\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by Azure Security Center Vulnerability Assessment\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"storageEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit missing blob encryption for storage accounts\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of blob encryption for storage accounts\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Just-In-Time network access control should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Adaptive Application Controls should be enabled on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"[Deprecated] Monitor unaudited SQL servers in Azure Security Center\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL databases\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n 
\"sqlEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"[Deprecated] Monitor unencrypted SQL databases in Azure Security Center\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Transparent Data Encryption on SQL databases should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of unencrypted SQL databases\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auditing should be enabled on advanced data security settings on SQL Server\",\r\n \"description\": \"Enable or disable the monitoring of unaudited SQL Servers\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingActionsAndGroupsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL Auditing settings should have Action-Groups configured to capture critical activities\",\r\n \"description\": \"Enable or disable the monitoring of auditing policy Action-Groups and Actions setting\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"SqlServerAuditingRetentionDaysMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL servers should be configured with auditing retention days greater than 90 days\",\r\n \"description\": \"Enable or disable the monitoring of SQL servers with auditing retention 
period less than 90\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInAppServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor diagnostic logs in Azure App Services\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of diagnostics logs in Azure App Services\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"diagnosticsLogsInSelectiveAppServicesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in App Services should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostics logs in Azure App Services\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"encryptionOfAutomationAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Automation account variables should be encrypted\",\r\n \"description\": \"Enable or disable the monitoring of automation account encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Batch accounts should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The 
required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"metricAlertsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric alert rules should be configured on Batch accounts\",\r\n \"description\": \"Enable or disable the monitoring of metric alerts in Batch accounts\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual machines should be migrated to new Azure Resource Manager resources\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"classicStorageAccountsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage accounts should be migrated to new Azure Resource Manager resources\",\r\n \"description\": \"Enable or disable the monitoring of classic storage accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Data Lake Analytics should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Analytics accounts\",\r\n \"description\": \"The required 
diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Azure Data Lake Store should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInDataLakeStoreRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Data Lake Store accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Event Hub should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInKeyVaultMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Key Vault should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Key Vault vaults\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInKeyVaultRetentionDays\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Key Vault vaults\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Logic Apps should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInLogicAppsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Only secure connections to your Redis Cache should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Redis Cache\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Search services should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The 
required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Fabric clusters should only use Azure Active Directory for client authentication\",\r\n \"description\": \"Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"clusterProtectionLevelInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign\",\r\n \"description\": \"Enable or disable the monitoring of cluster protection level in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Service Bus should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Bus\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceBusRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Service Bus\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace\",\r\n \"description\": \"Enable or disable the monitoring of 
Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"An Azure Active Directory administrator should be provisioned for SQL servers\",\r\n \"description\": \"Enable or disable the monitoring of an Azure AD admininistrator for SQL server\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Secure transfer to storage accounts should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of secure transfer to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Azure Stream Analytics should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Stream Analytics\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInStreamAnalyticsRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Stream Analytics\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"useRbacRulesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit usage of custom RBAC rules\",\r\n \"description\": \"Enable or disable the monitoring of using built-in RBAC rules\"\r\n },\r\n 
\"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Virtual Machine Scale Sets should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"accessRulesInEventHubNamespaceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hub namespaces\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"accessRulesInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Authorization rules on the Event Hub instance should be defined\",\r\n \"description\": \"Enable or disable the monitoring of access rules in Event Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities on your SQL databases should be remediated\",\r\n \"description\": \"Enable or 
disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbDataClassificationMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Sensitive data in your SQL databases should be classified\",\r\n \"description\": \"Enable or disable the monitoring of sensitive data classification in databases.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A maximum of 3 owners should be designated for your subscription\",\r\n \"description\": \"Enable or disable the monitoring of maximum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"There should be more than one owner assigned to your subscription\",\r\n \"description\": \"Enable or disable the monitoring of minimum owners in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled on accounts with owner permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n 
\"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled accounts with write permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled on accounts with read permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Deprecated accounts with owner permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Deprecated accounts should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with owner 
permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with write permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with read permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of IP restrictions for API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Function App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of IP restrictions for Function App\",\r\n 
\"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppConfigureIPRestrictionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Configure IP restrictions for Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of IP restrictions for Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for Function App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Function App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for Web Application\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppAuditFtpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"FTPS should be required in your API App\",\r\n \"description\": \"Enable FTPS enforcement 
for enhanced security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppAuditFtpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"FTPS should be required in your Function App\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppAuditFtpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"FTPS should be required in your Web App\",\r\n \"description\": \"Enable FTPS enforcement for enhanced security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUseManagedIdentityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A managed identity should be used in your API App\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppUseManagedIdentityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A managed identity should be used in your Function App\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppUseManagedIdentityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"A managed identity should be used in your Web App\",\r\n \"description\": \"Use a managed identity for enhanced authentication security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n 
\"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppRequireLatestTlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest TLS version should be used in your API App\",\r\n \"description\": \"Upgrade to the latest TLS version\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRequireLatestTlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest TLS version should be used in your Function App\",\r\n \"description\": \"Upgrade to the latest TLS version\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRequireLatestTlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Latest TLS version should be used in your Web App\",\r\n \"description\": \"Upgrade to the latest TLS version\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of web sockets for API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Function App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of web sockets for Function App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": 
\"Disabled\"\r\n },\r\n \"webAppDisableWebSocketsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor disable web sockets for Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of web sockets for Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of the use of HTTPS in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Function App should only be accessible over HTTPS\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of the use of HTTPS in function App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Web Application should only be accessible over HTTPS\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of the use of HTTPS in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App V2\"\r\n },\r\n \"allowedValues\": [\r\n 
\"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Function App should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in function App V2\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Web Application should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App V2\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"apiAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"CORS should not allow every resource to access your API App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"functionAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Function App\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Function\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Web Application\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n 
\"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of custom domain use in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"functionAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Function App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of custom domain use in Function App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedCustomDomainsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor the custom domain use in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of custom domain use in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of .Net version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestDotNetMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest .Net in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of 
.Net version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Java version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestJavaMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Java in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Java version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestNodeJsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Node.js in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Node.js version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of PHP version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestPHPMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest PHP in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable 
the monitoring of PHP version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"apiAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in API App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Python version in API App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"webAppUsedLatestPythonMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor use latest Python in Web App\",\r\n \"description\": \"[Deprecated] Enable or disable the monitoring of Python version in Web App\",\r\n \"deprecated\": true\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Disabled\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"DDoS Protection Standard should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of DDoS protection for virtual network\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in IoT Hub should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in IoT Hubs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInIoTHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in IoT Hub accounts\",\r\n \"description\": \"The 
required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"sqlServerAdvancedDataSecurityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security should be enabled on your SQL servers\",\r\n \"description\": \"Enable or disable the monitoring of SQL servers without Advanced Data Security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security should be enabled on your SQL managed instances\",\r\n \"description\": \"Enable or disable the monitoring of SQL managed instances without Advanced Data Security\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security settings for SQL server should contain an email address to receive security alerts\",\r\n \"description\": \"Enable or disable the monitoring that advanced data security settings for SQL server contain at least one email address to receive security alerts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced data security settings for SQL managed instance should contain an email address to receive security alerts\",\r\n \"description\": \"Enable or disable the monitoring that advanced data security settings for SQL managed instance contain at least one email address to receive security alerts\"\r\n },\r\n \"allowedValues\": [\r\n 
\"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL server advanced data security settings\",\r\n \"description\": \"Enable or disable auditing that 'email notification to admins and subscription owners' is enabled in the SQL Server advanced threat protection settings. This ensures that any detections of anomalous activities on SQL server are reported as soon as possible to the admins.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Email notifications to admins and subscription owners should be enabled in SQL managed instance advanced data security settings\",\r\n \"description\": \"Enable or disable auditing that 'email notification to admins and subscription owners' is enabled in the SQL Server advanced threat protection settings. 
This ensures that any detections of anomalous activities on SQL managed instance are reported as soon as possible to the admins.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"kubernetesServiceRbacEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Role-Based Access Control (RBAC) should be used on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without RBAC enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"kubernetesServicePspEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Pod Security Policies should be defined on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without Pod Security Policy enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Authorized IP ranges should be defined on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without Authorized IP Ranges enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"kubernetesServiceVersionUpToDateMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Kubernetes Services should be upgraded to a non vulnerable Kubernetes version\",\r\n \"description\": \"Enable or disable the monitoring of the Kubernetes Services with versions that contain known vulnerabilities\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n 
\"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL managed instances\",\r\n \"description\": \"Audit SQL managed instances which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL servers\",\r\n \"description\": \"Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL managed instance Advanced Data Security settings\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. 
Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"threatDetectionTypesOnServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"adaptiveNetworkHardeningsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security Group Rules for Internet facing virtual machines should be hardened\",\r\n \"description\": \"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"restrictAccessToManagementPortsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Management ports should be closed on your virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of open management ports on Virtual Machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"restrictAccessToAppServicesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Access to App Services should be restricted\",\r\n \"description\": \"Enable or disable the monitoring of permissive 
network access to app-services\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"disableIPForwardingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"IP Forwarding on your virtual machine should be disabled\",\r\n \"description\": \"Enable or disable the monitoring of IP forwarding on virtual machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL server TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL managed instance TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. 
TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"containerBenchmarkMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in container security configurations should be remediated\",\r\n \"description\": \"Enable or disable container benchmark monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ASCDependencyAgentAuditWindowsEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Dependency Agent for Windows VMs monitoring\",\r\n \"description\": \"Enable or disable Dependency Agent for Windows VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ASCDependencyAgentAuditLinuxEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Dependency Agent for Linux VMs monitoring\",\r\n \"description\": \"Enable or disable Dependency Agent for Linux VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssOsVulnerabilitiesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssOsVulnerabilitiesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssEndpointProtectionMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssEndpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssSystemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssSystemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInIoTHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInIoTHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubNamespaceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('accessRulesInEventHubNamespaceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessRulesInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('accessRulesInEventHubMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"useRbacRulesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('useRbacRulesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInStreamAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"secureTransferToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('secureTransferToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInSqlServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInSqlServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceBusRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"clusterProtectionLevelInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aadAuthenticationInServiceFabricMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"diagnosticsLogsInRedisCacheMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInKeyVaultMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInKeyVaultRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeStoreMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInDataLakeAnalyticsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicStorageAccountsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicStorageAccountsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"encryptionOfAutomationAccountMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('encryptionOfAutomationAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSelectiveAppServicesMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSelectiveAppServicesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAuditingActionsAndGroupsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingActionsAndGroupsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SqlServerAuditingRetentionDaysMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('SqlServerAuditingRetentionDaysMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsOnSubnetsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsOnSubnetsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"networkSecurityGroupsOnVirtualMachinesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('networkSecurityGroupsOnVirtualMachinesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemConfigurationsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('systemConfigurationsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('endpointProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"serverVulnerabilityAssessment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('serverVulnerabilityAssessmentEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webApplicationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webApplicationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbDataClassificationMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbDataClassificationMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateLessThanOwnersMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateLessThanOwnersMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityDesignateMoreThanOneOwnerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": 
{\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppAuditFtpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppAuditFtpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppAuditFtpsMonitoring\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppAuditFtpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppAuditFtpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppAuditFtpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppUseManagedIdentityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppUseManagedIdentityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppUseManagedIdentityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppUseManagedIdentityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppUseManagedIdentityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppUseManagedIdentityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRequireLatestTlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRequireLatestTlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"webAppRequireLatestTlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRequireLatestTlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppRequireLatestTlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRequireLatestTlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffectV2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffectV2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffectV2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"functionAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vnetEnableDDoSProtectionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vnetEnableDDoSProtectionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAdvancedDataSecurityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAdvancedDataSecurityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAdvancedDataSecurityEmailsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAdvancedDataSecurityEmailsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8\",\r\n \"parameters\": {\r\n 
\"effect\": {\r\n \"value\": \"[parameters('sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aeb23562-188d-47cb-80b8-551f16ef9fff\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlManagedInstanceAdvancedDataSecurityMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlManagedInstanceAdvancedDataSecurityMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlServerAdvancedDataSecurityEmailAdminsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c8343d2f-fdc9-4a97-b76f-fc71d1163bfc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceRbacEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceRbacEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServicePspEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServicePspEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"kubernetesServiceVersionUpToDateMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceVersionUpToDateMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceAuthorizedIPRangesEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"threatDetectionTypesOnServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('threatDetectionTypesOnServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"threatDetectionTypesOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('threatDetectionTypesOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveNetworkHardeningsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveNetworkHardeningsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"restrictAccessToManagementPortsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('restrictAccessToManagementPortsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"restrictAccessToAppServicesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('restrictAccessToAppServicesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableIPForwardingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableIPForwardingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n 
{\r\n \"policyDefinitionReferenceId\": \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"containerBenchmarkMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('containerBenchmarkMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ASCDependencyAgentAuditWindowsEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ASCDependencyAgentAuditWindowsEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ASCDependencyAgentAuditLinuxEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ASCDependencyAgentAuditLinuxEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"1f3afdf9-d0c9-4c3d-847f-89da613e70a8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplication')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"25ef9b72-4af2-4501-acd1-fc814e73dde1\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit UK OFFICIAL and UK NHS controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n 
\"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n 
\"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployPrerequisitesAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablementOfEncryptionOfAutomationAccountVariables\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVMsThatDoNotUseManagedDisks\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicStorageAccounts\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLManagedInstancesWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServersWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVulnerabilityAssessmentShouldBeEnabledOnSQLManagedInstances\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AudtiAdvancedThreatProtectionTypesAllInSQLManagedInstanceAdvancedDataSecuritySettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AudtiAdvancedThreatProtectionTypesAllInSQLServerAdvancedDataSecuritySettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditRemoteDebuggingStateForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditRemoteDebuggingStateForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditRemoteDebuggingStateForAnAPIApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditHttpsOnlyAccessForAnApiApp\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3937f550-eedd-4639-9c5e-294358be442e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/SWIFT-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n 
\"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n 
\"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"workspaceIDsLogAnalyticsAgentShouldConnectTo\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Connected workspace IDs\",\r\n \"description\": \"A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"domainNameFQDN\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Domain Name (FQDN)\",\r\n \"description\": \"The fully qualified domain name (FQDN) that the Windows VMs should be joined to\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"FunctionAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"WebApplicationShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ApiAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DDoSProtectionStandardShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesShouldBeInstalledOnYourMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AccessThroughInternetFacingEndpointShouldBeRestricted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SecureTransferToStorageAccountsShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRbacRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVMsThatDoNotUseManagedDisks\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualMachineShouldBeMigratedToNewAzureResourceManagerResources\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AutomationAccountVariablesShouldBeEncrypted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"StorageAccountsShouldBeMigratedToNewAzureResourceManagerResources\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DiagnosticLogsInAzureStreamAnalyticsShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsOnWhichTheLogAnalyticsAgentIsNotConnectedAsExpected\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a030a57e-4639-4e8f-ade9-a92f33afe7ee\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsOnWhichTheLogAnalyticsAgentIsNotConnectedAsExpected\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68511db2-bd02-41c4-ae6b-1900a012968a\",\r\n \"parameters\": {\r\n \"WorkspaceId\": {\r\n \"value\": \"[parameters('workspaceIDsLogAnalyticsAgentShouldConnectTo')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EnsureThatSendAlertsToIsSetInSqlServerAdvancedDataSecuritySettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDependencyAgentDeploymentInVmssVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsThatAreNotJoinedToTheSpecifiedDomain\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsThatAreNotJoinedToTheSpecifiedDomain\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970\",\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"value\": \"[parameters('domainNameFQDN')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3e0c67fc-8c7c-406c-89bd-6b6bdc986a22\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit VMs with insecure password security settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\"\r\n },\r\n 
{\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MaximumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordAge\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordMustMeetComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_StorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_EnforcePasswordHistory\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MinimumPasswordLength\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid110\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_PasswordPolicy_msid232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit PCI v3.2.1:2018 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/pciv321-init.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n 
\"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n 
\"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"previewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n 
{\r\n \"policyDefinitionReferenceId\": \"previewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnauditedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnencryptedVmDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"accessThroughInternetFacingEndpointShouldBeRestricted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorVmVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditEnablementOfEncryptionOfAutomationAccountVariables\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUseOfClassicStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUseOfClassicVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditTransparentDataEncryptionStatus\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"496eeda9-8f2f-4d5e-8dfd-204f0a92ed41\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Canada Federal PBMM controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/canadafederalPBMM-blueprint\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceIdforVMReporting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n },\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n 
\"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n 
\"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CorsShouldNotAllowEveryResourceToAccessYourWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"FunctionAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"WebApplicationShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ApiAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceIdforVMreporting')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"DDoSProtectionStandardShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesShouldBeInstalledOnYourMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DiskEncryptionShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SecureTransferToStorageAccountsShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": 
\"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"4c4a5f27-de81-430b-b4e5-9cbd50595a87\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which the remote host connection status does not match the specified one\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which the remote host connection status does not match the specified one. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"host\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote Host Name\",\r\n \"description\": \"Specifies the Domain Name System (DNS) name or IP address of the remote host machine.\"\r\n }\r\n },\r\n \"port\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Port\",\r\n \"description\": \"The TCP port number on the remote host name.\"\r\n }\r\n },\r\n \"shouldConnect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Should connect to remote host\",\r\n \"description\": \"Must be 'True' or 'False'. 'True' indicates that the virtual machine should be able to establish a connection with the remote host specified, so the machine will be non-compliant if it cannot establish a connection. 'False' indicates that the virtual machine should not be able to establish a connection with the remote host specified, so the machine will be non-compliant if it can establish a connection.\"\r\n },\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"defaultValue\": \"False\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsRemoteConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5bb36dda-8a78-4df9-affd-4f05a8612a8a\",\r\n \"parameters\": {\r\n \"host\": {\r\n \"value\": \"[parameters('host')]\"\r\n },\r\n \"port\": {\r\n \"value\": \"[parameters('port')]\"\r\n },\r\n \"shouldConnect\": {\r\n \"value\": \"[parameters('shouldConnect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsRemoteConnection\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02a84be7-c304-421f-9bb7-5d2c26af54ad\"\r\n }\r\n ]\r\n },\r\n \"id\": 
\"/providers/Microsoft.Authorization/policySetDefinitions/4ddaefff-7c78-4824-9b27-5c344f3cdf90\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"4ddaefff-7c78-4824-9b27-5c344f3cdf90\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that are not set to the specified time zone\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Time zone\",\r\n \"description\": \"The expected time zone\"\r\n },\r\n \"allowedValues\": [\r\n \"(UTC-12:00) International Date Line West\",\r\n \"(UTC-11:00) Coordinated Universal Time-11\",\r\n \"(UTC-10:00) Aleutian Islands\",\r\n \"(UTC-10:00) Hawaii\",\r\n \"(UTC-09:30) Marquesas Islands\",\r\n \"(UTC-09:00) Alaska\",\r\n \"(UTC-09:00) Coordinated Universal Time-09\",\r\n \"(UTC-08:00) Baja California\",\r\n \"(UTC-08:00) Coordinated Universal Time-08\",\r\n \"(UTC-08:00) Pacific Time (US & Canada)\",\r\n \"(UTC-07:00) Arizona\",\r\n \"(UTC-07:00) Chihuahua, La Paz, Mazatlan\",\r\n \"(UTC-07:00) Mountain Time (US & Canada)\",\r\n \"(UTC-06:00) Central America\",\r\n \"(UTC-06:00) Central Time (US & Canada)\",\r\n \"(UTC-06:00) Easter Island\",\r\n \"(UTC-06:00) Guadalajara, Mexico City, Monterrey\",\r\n \"(UTC-06:00) Saskatchewan\",\r\n \"(UTC-05:00) Bogota, Lima, Quito, Rio Branco\",\r\n \"(UTC-05:00) Chetumal\",\r\n \"(UTC-05:00) Eastern Time (US & Canada)\",\r\n \"(UTC-05:00) Haiti\",\r\n \"(UTC-05:00) Havana\",\r\n \"(UTC-05:00) Indiana (East)\",\r\n \"(UTC-05:00) Turks and Caicos\",\r\n \"(UTC-04:00) Asuncion\",\r\n \"(UTC-04:00) Atlantic Time (Canada)\",\r\n \"(UTC-04:00) 
Caracas\",\r\n \"(UTC-04:00) Cuiaba\",\r\n \"(UTC-04:00) Georgetown, La Paz, Manaus, San Juan\",\r\n \"(UTC-04:00) Santiago\",\r\n \"(UTC-03:30) Newfoundland\",\r\n \"(UTC-03:00) Araguaina\",\r\n \"(UTC-03:00) Brasilia\",\r\n \"(UTC-03:00) Cayenne, Fortaleza\",\r\n \"(UTC-03:00) City of Buenos Aires\",\r\n \"(UTC-03:00) Greenland\",\r\n \"(UTC-03:00) Montevideo\",\r\n \"(UTC-03:00) Punta Arenas\",\r\n \"(UTC-03:00) Saint Pierre and Miquelon\",\r\n \"(UTC-03:00) Salvador\",\r\n \"(UTC-02:00) Coordinated Universal Time-02\",\r\n \"(UTC-02:00) Mid-Atlantic - Old\",\r\n \"(UTC-01:00) Azores\",\r\n \"(UTC-01:00) Cabo Verde Is.\",\r\n \"(UTC) Coordinated Universal Time\",\r\n \"(UTC+00:00) Dublin, Edinburgh, Lisbon, London\",\r\n \"(UTC+00:00) Monrovia, Reykjavik\",\r\n \"(UTC+00:00) Sao Tome\",\r\n \"(UTC+01:00) Casablanca\",\r\n \"(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna\",\r\n \"(UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague\",\r\n \"(UTC+01:00) Brussels, Copenhagen, Madrid, Paris\",\r\n \"(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb\",\r\n \"(UTC+01:00) West Central Africa\",\r\n \"(UTC+02:00) Amman\",\r\n \"(UTC+02:00) Athens, Bucharest\",\r\n \"(UTC+02:00) Beirut\",\r\n \"(UTC+02:00) Cairo\",\r\n \"(UTC+02:00) Chisinau\",\r\n \"(UTC+02:00) Damascus\",\r\n \"(UTC+02:00) Gaza, Hebron\",\r\n \"(UTC+02:00) Harare, Pretoria\",\r\n \"(UTC+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius\",\r\n \"(UTC+02:00) Jerusalem\",\r\n \"(UTC+02:00) Kaliningrad\",\r\n \"(UTC+02:00) Khartoum\",\r\n \"(UTC+02:00) Tripoli\",\r\n \"(UTC+02:00) Windhoek\",\r\n \"(UTC+03:00) Baghdad\",\r\n \"(UTC+03:00) Istanbul\",\r\n \"(UTC+03:00) Kuwait, Riyadh\",\r\n \"(UTC+03:00) Minsk\",\r\n \"(UTC+03:00) Moscow, St. 
Petersburg\",\r\n \"(UTC+03:00) Nairobi\",\r\n \"(UTC+03:30) Tehran\",\r\n \"(UTC+04:00) Abu Dhabi, Muscat\",\r\n \"(UTC+04:00) Astrakhan, Ulyanovsk\",\r\n \"(UTC+04:00) Baku\",\r\n \"(UTC+04:00) Izhevsk, Samara\",\r\n \"(UTC+04:00) Port Louis\",\r\n \"(UTC+04:00) Saratov\",\r\n \"(UTC+04:00) Tbilisi\",\r\n \"(UTC+04:00) Volgograd\",\r\n \"(UTC+04:00) Yerevan\",\r\n \"(UTC+04:30) Kabul\",\r\n \"(UTC+05:00) Ashgabat, Tashkent\",\r\n \"(UTC+05:00) Ekaterinburg\",\r\n \"(UTC+05:00) Islamabad, Karachi\",\r\n \"(UTC+05:00) Qyzylorda\",\r\n \"(UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi\",\r\n \"(UTC+05:30) Sri Jayawardenepura\",\r\n \"(UTC+05:45) Kathmandu\",\r\n \"(UTC+06:00) Astana\",\r\n \"(UTC+06:00) Dhaka\",\r\n \"(UTC+06:00) Omsk\",\r\n \"(UTC+06:30) Yangon (Rangoon)\",\r\n \"(UTC+07:00) Bangkok, Hanoi, Jakarta\",\r\n \"(UTC+07:00) Barnaul, Gorno-Altaysk\",\r\n \"(UTC+07:00) Hovd\",\r\n \"(UTC+07:00) Krasnoyarsk\",\r\n \"(UTC+07:00) Novosibirsk\",\r\n \"(UTC+07:00) Tomsk\",\r\n \"(UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi\",\r\n \"(UTC+08:00) Irkutsk\",\r\n \"(UTC+08:00) Kuala Lumpur, Singapore\",\r\n \"(UTC+08:00) Perth\",\r\n \"(UTC+08:00) Taipei\",\r\n \"(UTC+08:00) Ulaanbaatar\",\r\n \"(UTC+08:45) Eucla\",\r\n \"(UTC+09:00) Chita\",\r\n \"(UTC+09:00) Osaka, Sapporo, Tokyo\",\r\n \"(UTC+09:00) Pyongyang\",\r\n \"(UTC+09:00) Seoul\",\r\n \"(UTC+09:00) Yakutsk\",\r\n \"(UTC+09:30) Adelaide\",\r\n \"(UTC+09:30) Darwin\",\r\n \"(UTC+10:00) Brisbane\",\r\n \"(UTC+10:00) Canberra, Melbourne, Sydney\",\r\n \"(UTC+10:00) Guam, Port Moresby\",\r\n \"(UTC+10:00) Hobart\",\r\n \"(UTC+10:00) Vladivostok\",\r\n \"(UTC+10:30) Lord Howe Island\",\r\n \"(UTC+11:00) Bougainville Island\",\r\n \"(UTC+11:00) Chokurdakh\",\r\n \"(UTC+11:00) Magadan\",\r\n \"(UTC+11:00) Norfolk Island\",\r\n \"(UTC+11:00) Sakhalin\",\r\n \"(UTC+11:00) Solomon Is., New Caledonia\",\r\n \"(UTC+12:00) Anadyr, Petropavlovsk-Kamchatsky\",\r\n \"(UTC+12:00) Auckland, Wellington\",\r\n 
\"(UTC+12:00) Coordinated Universal Time+12\",\r\n \"(UTC+12:00) Fiji\",\r\n \"(UTC+12:00) Petropavlovsk-Kamchatsky - Old\",\r\n \"(UTC+12:45) Chatham Islands\",\r\n \"(UTC+13:00) Coordinated Universal Time+13\",\r\n \"(UTC+13:00) Nuku'alofa\",\r\n \"(UTC+13:00) Samoa\",\r\n \"(UTC+14:00) Kiritimati Island\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTimeZone\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c21f7060-c148-41cf-a68b-0ab3e14c764c\",\r\n \"parameters\": {\r\n \"TimeZone\": {\r\n \"value\": \"[parameters('TimeZone')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTimeZone\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f658460-46b7-43af-8565-94fc0662be38\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/538942d3-3fae-4fb6-9d94-744f9a51e7da\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"538942d3-3fae-4fb6-9d94-744f9a51e7da\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VMs\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. 
If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VM_Deploy\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VM_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"55f3eceb-5573-4f18-9695-226972c6d74a\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that are not joined to the specified domain\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows 
virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Domain Name (FQDN)\",\r\n \"description\": \"The fully qualified domain name (FQDN) that the Windows VMs should be joined to\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsDomainMembership\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/315c850a-272d-4502-8935-b79010405970\",\r\n \"parameters\": {\r\n \"DomainName\": {\r\n \"value\": \"[parameters('DomainName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsDomainMembership\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a29ee95c-0395-4515-9851-cc04ffe82a91\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/6b3c1e80-8ae5-405b-b021-c23d13b3959f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"6b3c1e80-8ae5-405b-b021-c23d13b3959f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Azure Monitor for VM Scale Sets (VMSS)\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable Azure Monitor for the VM Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. 
In CLI this would be az vmss update-instances.\",\r\n \"metadata\": {\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics_1\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"listOfImageIdToInclude_windows\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Windows OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Optional: List of VM images that have supported Linux OS to add to scope\",\r\n \"description\": \"Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'\"\r\n },\r\n \"defaultValue\": []\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalyticsExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069\",\r\n \"parameters\": {\r\n 
\"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics_1')]\"\r\n },\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Windows_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgentExtension_Linux_VMSS_Deploy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"LogAnalytics_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DependencyAgent_OSImage_VMSS_Audit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {\r\n \"listOfImageIdToInclude_windows\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_windows')]\"\r\n },\r\n \"listOfImageIdToInclude_linux\": {\r\n \"value\": \"[parameters('listOfImageIdToInclude_linux')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad\",\r\n \"type\": 
\"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"75714362-cae7-409e-9b99-a8e5075b7fad\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit ISO 27001:2013 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/iso27001-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\",\r\n \"strongType\": \"resourceTypes\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n 
\"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n 
\"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDependencyAgentDeploymentVmImageOSUnlisted\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDependencyAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": 
{}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"PreviewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnauditedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewMonitorUnencryptedVmDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedWebApplicationInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVmVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablementOfEncryptionOfAutomationAccountVariables\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTheSettingOfClusterprotectionlevelPropertyToEncryptandsignInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicStorageAccounts\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUseOfClassicVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVMsThatDoNotUseManagedDisks\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"89c6cddc-1c73-4ac1-b19c-54d1a15a42f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows web servers that are not using secure communication protocols\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"MinimumTLSVersion\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum TLS version\",\r\n \"description\": \"The minimum TLS protocol version that should be enabled. 
Windows web servers with lower TLS versions will be marked as non-compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"1.1\",\r\n \"1.2\"\r\n ],\r\n \"defaultValue\": \"1.1\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {\r\n \"MinimumTLSVersion\": {\r\n \"value\": \"[parameters('MinimumTLSVersion')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsTLS\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8bc55e6b-e9d5-4266-8dac-f688d151ec9c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs on which the specified services are not installed and 'Running'\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and 'Running'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ServiceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Service names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the services that should be installed and 'Running'. e.g. 
'WinRm;Wi*'\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsServiceStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32b1e4d4-6cd5-47b4-a935-169da8a5c262\",\r\n \"parameters\": {\r\n \"ServiceName\": {\r\n \"value\": \"[parameters('ServiceName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsServiceStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c2dd2a9a-8a20-4a9c-b8d6-f17ccc26939a\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/8eeec860-e2fa-4f89-a669-84942c57225f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"8eeec860-e2fa-4f89-a669-84942c57225f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Motion Picture Association of America (MPAA) controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/mpaa-blueprint\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"certificateThumbprints\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints that should exist under the Trusted Root\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\\\LocalMachine\\\\Root). e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n }\r\n },\r\n \"applicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names to be installed on VMs\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 'python; powershell'\"\r\n }\r\n },\r\n \"storagePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account to deploy diagnostic settings for Network Security Groups\",\r\n \"description\": \"This prefix will be combined with the network security group location to form the created storage account name.\"\r\n }\r\n },\r\n \"rgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist) to deploy diagnostic settings for Network Security Groups\",\r\n \"description\": \"The resource group that the storage account will be created in. This resource group must already exist.\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor unencrypted SQL database in Azure Security Center\",\r\n \"description\": \"Enable or disable monitoring of unencrypted SQL databases in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"metricName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n 
\"displayName\": \"Metric name on which alert rules should be configured in Batch accounts\",\r\n \"description\": \"The metric name that an alert rule must be enabled on\"\r\n }\r\n },\r\n \"metricAlertsInBatchAccountPoolDeleteStartEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Metric alert rules should be configured on Batch accounts\",\r\n \"description\": \"Enable or disable monitoring of metric alert rules on Batch account to enable the required metric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInLogicAppsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Logic Apps should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Logic Apps workflows\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of diagnostic logs in Logic Apps workflows\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\r\n \"description\": \"Enable or disable 
monitoring of virtual machine scale sets OS vulnerabilities \"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies\",\r\n \"description\": \"Specifies whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). For certificate rules to take effect in software restriction policies, you must enable this policy setting.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"vulnerabilityAssessmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"usersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may access this computer from the network\",\r\n \"description\": \"Specifies which remote users on the network are permitted to connect to the computer. 
This does not include Remote Desktop Connection.\"\r\n },\r\n \"defaultValue\": \"Administrators, Authenticated Users\"\r\n },\r\n \"usersOrGroupsThatMayLogOnLocally\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on locally\",\r\n \"description\": \"Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance.\"\r\n },\r\n \"defaultValue\": \"Administrators, Remote Desktop Users\"\r\n },\r\n \"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied access from the network\",\r\n \"description\": \"Specifies which users or groups are explicitly prohibited from connecting across the network.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"usersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may manage auditing and security log\",\r\n \"description\": \"Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"usersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may back up files and directories\",\r\n \"description\": \"Specifies users and groups allowed to circumvent file and directory 
permissions to back up the system.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup Operators\"\r\n },\r\n \"usersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the system time\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time and date on the internal clock of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"usersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the time zone\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time zone of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"usersOrGroupsThatMayCreateATokenObject\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may create a token object\",\r\n \"description\": \"Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data.\"\r\n },\r\n \"defaultValue\": \"No One\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a batch job\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. 
scheduled task).\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a service\",\r\n \"description\": \"Specifies which service accounts are explicitly not permitted to register a process as a service.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied local logon\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"userAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"User and groups that may force shutdown from a remote system\",\r\n \"description\": \"Specifies which users and groups are permitted to shut down the computer from a remote location on the network.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"usersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may restore files and directories\",\r\n \"description\": \"Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup 
Operators\"\r\n },\r\n \"usersAndGroupsThatMayShutDownTheSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may shut down the system\",\r\n \"description\": \"Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may take ownership of files or other objects\",\r\n \"description\": \"Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates should be installed on your machines\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAuditingRetentionDaysMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL servers should be configured with auditing retention days greater than 90 days\",\r\n \"description\": \"Enable or disable the monitoring of SQL servers with auditing retention period less than 90\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"windowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Use profile settings\",\r\n \"description\": \"Specifies 
whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound 
connections, for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n 
\"windowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. 
The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Domain: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows 
Firewall: Private: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Public: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled on accounts with write permissions in your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"namespaceAuthorizationRulesInServiceBusMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace\",\r\n \"description\": \"Enable or disable the monitoring of Service Bus namespace authorization rules\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"kubernetesServiceRbacEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Role-Based Access Control (RBAC) should be used on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without RBAC enabled\"\r\n },\r\n \"allowedValues\": [\r\n 
\"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Search services should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"microsoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB client component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Send unencrypted password to third-party SMB servers\",\r\n \"description\": \"Specifies whether the SMB redirector will send plaintext passwords during authentication to third-party SMB servers that do not support password encryption. It is recommended that you disable this policy setting unless there is a strong business case to enable it.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Amount of idle time required before suspending session\",\r\n \"description\": \"Specifies the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. 
The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,15\"\r\n },\r\n \"microsoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB server component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Disconnect clients when logon hours expire\",\r\n \"description\": \"Specifies whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. If you enable this policy setting you should also enable 'Network security: Force logoff when logon hours expire'\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"disableIPForwardingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"IP Forwarding on your virtual machine should be disabled\",\r\n \"description\": \"Enable or disable the monitoring of IP forwarding on virtual machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Advanced Threat Protection types should be set to 'All' in SQL managed instance Advanced Data Security settings\",\r\n \"description\": \"It is recommended to enable all Advanced Threat Protection types on your SQL servers. 
Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"certificateStorePath\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate store path containing the certificates to be checked for expiration\",\r\n \"description\": \"The path to the certificate store containing the certificates to check the expiration dates of. Default value is 'Cert:' which is the root certificate store path, so all certificates on the machine will be checked. Other example paths: 'Cert:\\\\LocalMachine', 'Cert:\\\\LocalMachine\\\\TrustedPublisher', 'Cert:\\\\CurrentUser'\"\r\n },\r\n \"defaultValue\": \"Cert:\"\r\n },\r\n \"expirationLimitInDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expiration limit in days for certificates that are expiring under specified certificate store path\",\r\n \"description\": \"An integer indicating the number of days within which to check for certificates that are expiring. For example, if this value is 30, any certificate expiring within the next 30 days will cause this policy to be non-compliant.\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"certificateThumbprintsToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to include while checking for expired certificates under specified certificate store path\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to check under the specified path. If a value is not specified, all certificates under the certificate store path will be checked. If a value is specified, no certificates other than those with the thumbprints specified will be checked. e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"certificateThumbprintsToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to exclude while checking for expired certificates under specified certificate store path\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to ignore while checking expired certificates. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"includeExpiredCertificates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Include already expired certificates while checking for expired certificates under specified certificate store path\",\r\n \"description\": \"Must be 'true' or 'false'. True indicates that any found certificates that have already expired will also make this policy non-compliant. False indicates that certificates that have expired will be be ignored under specified certificate store path.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery console: Allow floppy copy and access to all drives and all folders\",\r\n \"description\": \"Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"accountsGuestAccountStatus\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Accounts: Guest account status\",\r\n \"description\": \"Specifies whether the local Guest account is disabled.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"networkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths\",\r\n 
\"description\": \"Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\ProductOptions|#|System\\\\CurrentControlSet\\\\Control\\\\Server Applications|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\r\n },\r\n \"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths and sub-paths\",\r\n \"description\": \"Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Printers|#|System\\\\CurrentControlSet\\\\Services\\\\Eventlog|#|Software\\\\Microsoft\\\\OLAP Server|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Print|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows|#|System\\\\CurrentControlSet\\\\Control\\\\ContentIndex|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\UserConfig|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\DefaultUserConfiguration|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Perflib|#|System\\\\CurrentControlSet\\\\Services\\\\SysmonLog\"\r\n },\r\n \"networkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Shares that can be accessed anonymously\",\r\n \"description\": \"Specifies which network shares can be accessed by anonymous users. 
The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with owner permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities on your SQL databases should be remediated\",\r\n \"description\": \"Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployWindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5\",\r\n \"parameters\": {\r\n \"certificateThumbprints\": {\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenter\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('previewMonitorUnencryptedSQLDatabaseInAzureSecurityCenterEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"metricAlertsInBatchAccountPoolDeleteStart\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('metricAlertsInBatchAccountPoolDeleteStartEffect')]\"\r\n },\r\n \"metricName\": {\r\n \"value\": \"[parameters('MetricName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditAzureBaselineSecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInLogicAppsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('RequiredRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssOsVulnerabilitiesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssOsVulnerabilitiesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployAzureBaselineSecurityOptionsSystemsettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5\",\r\n \"parameters\": {\r\n \"systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"applicationName\": {\r\n 
\"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployAzureBaselineUserRightsAssignment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24\",\r\n \"parameters\": {\r\n \"usersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n \"usersOrGroupsThatMayLogOnLocally\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n \"usersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"usersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n \"usersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n \"usersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n \"usersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n \"usersOrGroupsThatMayChangeTheTimeZone\": {\r\n 
\"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n \"usersOrGroupsThatMayCreateATokenObject\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n \"usersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"userAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n \"usersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n \"usersAndGroupsThatMayShutDownTheSystem\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n \"usersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableIPForwardingForNetworkInterfaces\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"sqlServerAuditingRetentionDaysMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlServerAuditingRetentionDaysMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditAzureBaselineSecurityOptionsSystemsettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditAzureBaselineWindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployAzureBaselineWindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9\",\r\n \"parameters\": {\r\n \"windowsFirewallDomainUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n \"windowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n \"windowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"windowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n \"windowsFirewallDomainDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n \"windowsFirewallPrivateUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n 
\"windowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n \"windowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"windowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n \"windowsFirewallPrivateDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n \"windowsFirewallPublicUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n \"windowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n \"windowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"windowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n \"windowsFirewallPublicDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n \"windowsFirewallDomainAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n \"windowsFirewallPrivateAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n \"windowsFirewallPublicAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": 
{\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditCertificateExpiration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"namespaceAuthorizationRulesInServiceBusMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('namespaceAuthorizationRulesInServiceBusMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceRbacEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceRbacEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('RequiredRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditAzureBaselineSecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditAzureBaselineSecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\",\r\n 
\"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployAzureBaselineSecurityOptionsMicrosoftNetworkClient\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652\",\r\n \"parameters\": {\r\n \"microsoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"microsoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n \"microsoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n \"microsoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"microsoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableIPForwardingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableIPForwardingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"threatDetectionTypesOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('threatDetectionTypesOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployCertificateExpiration\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8\",\r\n \"parameters\": {\r\n \"certificateStorePath\": {\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n \"expirationLimitInDays\": {\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n \"certificateThumbprintsToInclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n \"certificateThumbprintsToExclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n \"includeExpiredCertificates\": {\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditAzureBaselineUserRightsAssignment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployDiagnosticSettingsforNetworkSecurityGroups\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('StoragePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('RgName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployAzureBaselineSecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\",\r\n \"parameters\": {\r\n \"recoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployAzureBaselineSecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3\",\r\n \"parameters\": {\r\n 
\"accountsGuestAccountStatus\": {\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditWindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployAzureBaselineSecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a\",\r\n \"parameters\": {\r\n \"networkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n \"networkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n \"networkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('externalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscriptionEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditAzureBaselineSecurityOptionsMicrosoftNetworkClient\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"sqlDbVulnerabilityAssesmentMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"92646f03-e39d-47a9-9e24-58d60ef49af8\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Enable Data Protection Suite\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"Enable data protection for SQL servers. 
This initiative is assigned automatically by Azure Security Center Standard Tier.\",\r\n \"metadata\": {\r\n \"category\": \"Security Center\"\r\n },\r\n \"parameters\": {},\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"deployThreatDetectionOnSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5\",\r\n \"parameters\": {}\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines on which Windows Defender Exploit Guard is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"NotAvailableMachineState\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"State in which to show VMs on which Windows Defender Exploit Guard is not available\",\r\n \"description\": \"Windows Defender Exploit Guard is only available starting with Windows 10/Windows Server with update 1709. Setting this value to 'Non-Compliant' will make machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) non-compliant. 
Setting this value to 'Compliant' will make these machines compliant.\"\r\n },\r\n \"allowedValues\": [\r\n \"Compliant\",\r\n \"Non-Compliant\"\r\n ],\r\n \"defaultValue\": \"Non-Compliant\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsDefenderExploitGuard\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a7a2bcf-f9be-4e35-9734-4f9657a70f1d\",\r\n \"parameters\": {\r\n \"NotAvailableMachineState\": {\r\n \"value\": \"[parameters('NotAvailableMachineState')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsDefenderExploitGuard\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d9b45ff-9ddd-43fc-bf59-fbd1c8423053\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/9d2fd8e6-95c8-410d-add0-43ada4241574\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"9d2fd8e6-95c8-410d-add0-43ada4241574\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit HITRUST/HIPAA controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. https://aka.ms/hipaa-blueprint\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"installedApplicationsOnWindowsVM\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n },\r\n \"DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Prefix for Regional Storage Account to deploy diagnostic settings for Network Security Groups\",\r\n \"description\": \"This prefix will be combined with the network security group location to form the created storage account name.\"\r\n }\r\n },\r\n \"DeployDiagnosticSettingsforNetworkSecurityGroupsrgName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name for Storage Account (must exist) to deploy diagnostic settings for Network Security Groups\",\r\n \"description\": \"The resource group that the storage account will be created in. This resource group must already exist.\",\r\n \"strongType\": \"ExistingResourceGroups\"\r\n }\r\n },\r\n \"diagnosticsLogsInBatchAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Batch accounts should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Batch accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInBatchAccountRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) for logs in Batch accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL managed instance TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or 
disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disk encryption should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring for VM disk encryption\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Search services should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Azure Search service\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInSearchServiceRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Azure Search service\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL managed instances\",\r\n \"description\": \"Audit SQL managed instances which do not have recurring vulnerability assessment scans enabled. 
Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssesmentMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities should be remediated by a Vulnerability Assessment solution\",\r\n \"description\": \"Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable insecure guest logons\",\r\n \"description\": \"Specifies whether the SMB client will allow insecure guest logons to an SMB server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow simultaneous connections to the Internet or a Windows Domain\",\r\n \"description\": \"Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. 
A value of 0 allows simultaneous connections, and a value of 1 blocks them.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off multicast name resolution\",\r\n \"description\": \"Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Access through Internet facing endpoint should be restricted\",\r\n \"description\": \"Enable or disable overly permissive inbound NSG rules monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"SQL server TDE protector should be encrypted with your own key\",\r\n \"description\": \"Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. 
TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for API App\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for API App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"classicComputeVMsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Virtual machines should be migrated to new Azure Resource Manager resources\",\r\n \"description\": \"Enable or disable the monitoring of classic compute VMs\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Deny\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit unrestricted network access to storage accounts\",\r\n \"description\": \"Enable or disable the monitoring of network access to storage account\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Adaptive Application Controls should be enabled on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of application whitelisting in Azure Security Center\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n 
\"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths\",\r\n \"description\": \"Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\ProductOptions|#|System\\\\CurrentControlSet\\\\Control\\\\Server Applications|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths and sub-paths\",\r\n \"description\": \"Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Printers|#|System\\\\CurrentControlSet\\\\Services\\\\Eventlog|#|Software\\\\Microsoft\\\\OLAP Server|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Print|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows|#|System\\\\CurrentControlSet\\\\Control\\\\ContentIndex|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\UserConfig|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\DefaultUserConfiguration|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Perflib|#|System\\\\CurrentControlSet\\\\Services\\\\SysmonLog\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Shares that can be accessed anonymously\",\r\n \"description\": \"Specifies which network shares can be accessed by anonymous 
users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Remote debugging should be turned off for Web Application\",\r\n \"description\": \"Enable or disable the monitoring of remote debugging for Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffectV2\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"API App should only be accessible over HTTPS V2\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in API App V2\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled accounts with write permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Just-In-Time network access control should be applied on virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of network just In time access\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": 
\"MFA should be enabled on accounts with owner permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"kubernetesServiceRbacEnabledMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Role-Based Access Control (RBAC) should be used on Kubernetes Services\",\r\n \"description\": \"Enable or disable the monitoring of Kubernetes Services without RBAC enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"restrictAccessToManagementPortsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Management ports should be closed on your virtual machines\",\r\n \"description\": \"Enable or disable the monitoring of open management ports on Virtual Machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerabilities in security configuration on your virtual machine scale sets should be remediated\",\r\n \"description\": \"Enable or disable virtual machine scale sets OS vulnerabilities monitoring\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Event Hub should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Event Hub accounts\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": 
\"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInEventHubRetentionDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Required retention (in days) of logs in Event Hub accounts\",\r\n \"description\": \"The required diagnostic logs retention period in days\"\r\n },\r\n \"defaultValue\": \"365\"\r\n },\r\n \"vmssSystemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates on virtual machine scale sets should be installed\",\r\n \"description\": \"Enable or disable virtual machine scale sets reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"diagnosticsLogsInServiceFabricMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Diagnostic logs in Virtual Machine Scale Sets should be enabled\",\r\n \"description\": \"Enable or disable the monitoring of diagnostic logs in Service Fabric\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"systemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates should be installed on your machines\",\r\n \"description\": \"Enable or disable reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Accounts: Guest account status\",\r\n \"description\": \"Specifies whether the local Guest account is disabled.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery console: 
Allow floppy copy and access to all drives and all folders\",\r\n \"description\": \"Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit: Shut down system immediately if unable to log security audits\",\r\n \"description\": \"Audits if the system will shut down when unable to log Security events.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Process Termination\",\r\n \"description\": \"Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. 
The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n 
\"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall 
(Public): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Domain: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Private: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Public: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"CertificateThumbprints\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\\\LocalMachine\\\\Root). e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"DeploydefaultMicrosoftIaaSAntimalwareextensionforWindowsServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInBatchAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInBatchAccountRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('systemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RequireencryptiononDataLakeStoreaccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {\r\n 
\"effect\": {\r\n \"value\": \"[parameters('diskEncryptionMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6\",\r\n \"parameters\": {\r\n \"installedApplication\": {\r\n \"value\": \"[parameters('installedApplicationsOnWindowsVM')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3\",\r\n \"parameters\": {\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505\",\r\n \"parameters\": {\r\n \"AuditProcessTermination\": {\r\n \"value\": \"[parameters('DeployAzureBaselineSystemAuditPoliciesDetailedTrackingAuditProcessTermination')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInSearchServiceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInSearchServiceRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentMonitoring\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssesmentMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8\",\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploynetworkwatcherwhenvirtualnetworksarecreated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Audit_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9\",\r\n \"parameters\": {\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"value\": 
\"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"nextGenerationFirewallMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('nextGenerationFirewallMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"classicComputeVMsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('classicComputeVMsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"disableUnrestrictedNetworkToStorageAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveApplicationControlsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployDiagnosticSettingsforNetworkSecurityGroups\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89\",\r\n \"parameters\": {\r\n \"storagePrefix\": {\r\n \"value\": \"[parameters('DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix')]\"\r\n },\r\n \"rgName\": {\r\n \"value\": \"[parameters('DeployDiagnosticSettingsforNetworkSecurityGroupsrgName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a\",\r\n \"parameters\": {\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppDisableRemoteDebuggingMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"Audit_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5\",\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('apiAppEnforceHttpsMonitoringEffectV2')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"jitNetworkAccessMonitoring\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('jitNetworkAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"kubernetesServiceRbacEnabledMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('kubernetesServiceRbacEnabledMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3\",\r\n \"parameters\": {\r\n \"AccountsGuestAccountStatus\": {\r\n \"value\": \"[parameters('DeployAzureBaselineSecurityOptionsAccountsAccountsGuestAccountStatus')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"restrictAccessToManagementPortsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('restrictAccessToManagementPortsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"vmssOsVulnerabilitiesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssOsVulnerabilitiesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInEventHubMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubMonitoringEffect')]\"\r\n },\r\n \"requiredRetentionDays\": {\r\n \"value\": \"[parameters('diagnosticsLogsInEventHubRetentionDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vmssSystemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssSystemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diagnosticsLogsInServiceFabricMonitoringEffect\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\",\r\n \"parameters\": {\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"value\": 
\"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"a169a624-5599-4385-a696-c8d643089fab\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows Server VMs on which Windows Serial Console is not enabled\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"EMSPortNumber\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Port Number\",\r\n \"description\": \"An integer indicating the COM port to be used for the Emergency Management Services (EMS) console redirection. For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"EMS Baud Rate\",\r\n \"description\": \"An integer indicating the baud rate to be used for the Emergency Management Services (EMS) console redirection. 
For more information on EMS settings, please visit https://aka.ms/gcpolwsc\"\r\n },\r\n \"allowedValues\": [\r\n \"9600\",\r\n \"19200\",\r\n \"38400\",\r\n \"57600\",\r\n \"115200\"\r\n ],\r\n \"defaultValue\": \"115200\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsSerialConsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a031c68-d6ab-406e-a506-697a19c634b0\",\r\n \"parameters\": {\r\n \"EMSPortNumber\": {\r\n \"value\": \"[parameters('EMSPortNumber')]\"\r\n },\r\n \"EMSBaudRate\": {\r\n \"value\": \"[parameters('EMSBaudRate')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsSerialConsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d7ccd0ca-8d78-42af-a43d-6b7f928accbc\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/acb6cd8e-45f5-466f-b3cb-ff6fce525f71\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"acb6cd8e-45f5-466f-b3cb-ff6fce525f71\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs in which the Administrators group contains any of the specified members\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AdministratorsGroupMembersToExclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('MembersToExclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AdministratorsGroupMembersToExclude\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/add1999e-a61c-46d3-b8c3-f35fb8398175\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"add1999e-a61c-46d3-b8c3-f35fb8398175\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that contain certificates expiring within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"CertificateStorePath\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate store path\",\r\n \"description\": \"The path to the certificate store containing the certificates to check the expiration dates of. Default value is 'Cert:' which is the root certificate store path, so all certificates on the machine will be checked. 
Other example paths: 'Cert:\\\\LocalMachine', 'Cert:\\\\LocalMachine\\\\TrustedPublisher', 'Cert:\\\\CurrentUser'\"\r\n },\r\n \"defaultValue\": \"Cert:\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Expiration limit in days\",\r\n \"description\": \"An integer indicating the number of days within which to check for certificates that are expiring. For example, if this value is 30, any certificate expiring within the next 30 days will cause this policy to be non-compliant.\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to include\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to check under the specified path. If a value is not specified, all certificates under the certificate store path will be checked. If a value is specified, no certificates other than those with the thumbprints specified will be checked. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints to exclude\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints to ignore. e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n },\r\n \"defaultValue\": \"\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Include expired certificates\",\r\n \"description\": \"Must be 'true' or 'false'. True indicates that any found certificates that have already expired will also make this policy non-compliant. 
False indicates that certificates that have expired will be be ignored.\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_CertificateExpiration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5fbc59e-fb6f-494f-81e2-d99a671bdaa8\",\r\n \"parameters\": {\r\n \"CertificateStorePath\": {\r\n \"value\": \"[parameters('CertificateStorePath')]\"\r\n },\r\n \"ExpirationLimitInDays\": {\r\n \"value\": \"[parameters('ExpirationLimitInDays')]\"\r\n },\r\n \"CertificateThumbprintsToInclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToInclude')]\"\r\n },\r\n \"CertificateThumbprintsToExclude\": {\r\n \"value\": \"[parameters('CertificateThumbprintsToExclude')]\"\r\n },\r\n \"IncludeExpiredCertificates\": {\r\n \"value\": \"[parameters('IncludeExpiredCertificates')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_CertificateExpiration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9328f27e-611e-44a7-a244-39109d7d35ab\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/b6f5e05c-0aaa-4337-8dd4-357c399d12ae\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b6f5e05c-0aaa-4337-8dd4-357c399d12ae\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that have not restarted within the specified number of days\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that have not restarted within the specified number of days. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"NumberOfDays\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Number of days\",\r\n \"description\": \"The number of days without restart until the machine is considered non-compliant\"\r\n },\r\n \"defaultValue\": \"12\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_MachineLastBootUpTime\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b245d4-46c9-42be-9b1a-49e2b5b94194\",\r\n \"parameters\": {\r\n \"NumberOfDays\": {\r\n \"value\": \"[parameters('NumberOfDays')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_MachineLastBootUpTime\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e84ba44-6d03-46fd-950e-5efa5a1112fa\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/b8b5b0a8-b809-4e5d-8082-382c686e35b7\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"b8b5b0a8-b809-4e5d-8082-382c686e35b7\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs on which the DSC configuration is not compliant\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsDscConfiguration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d38b4c26-9d2e-47d7-aefe-18d859a8706a\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsDscConfiguration\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7227ebe5-9ff7-47ab-b823-171cd02fb90f\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c58599d5-0d51-454f-aaf1-da18a5e76edd\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c58599d5-0d51-454f-aaf1-da18a5e76edd\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Linux VMs that do not have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Linux virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should be installed. e.g. 
'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d1c04de-2172-403f-901b-90608c35c721\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_InstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fee5cb2b-9d9b-410e-afe3-2902d90d0004\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c937dcb4-4398-4b39-8d63-4a6be432252e\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c937dcb4-4398-4b39-8d63-4a6be432252e\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs with a pending reboot\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines with a pending reboot. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsPendingReboot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c96f3246-4382-4264-bf6b-af0b35e23c3c\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsPendingReboot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b0de57a-f511-4d45-a277-17cb79cb163b\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c96b2a9c-6fab-4ac2-ae21-502143491cd4\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c96b2a9c-6fab-4ac2-ae21-502143491cd4\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that do not have the specified Windows PowerShell modules installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified Windows PowerShell modules installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"Modules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Modules\",\r\n \"description\": \"A semicolon-separated list of the names of the PowerShell modules that should be installed. You may also specify a specific version of a module that should be installed by including a comma after the module name, followed by the desired version. e.g. 
PSDscResources; SqlServerDsc, 12.0.0.0; ComputerManagementDsc, 6.1.0.0\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsPowerShellModules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90ba2ee7-4ca8-4673-84d1-c851c50d3baf\",\r\n \"parameters\": {\r\n \"Modules\": {\r\n \"value\": \"[parameters('Modules')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsPowerShellModules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16f9b37c-4408-4c30-bc17-254958f2e2d6\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/c980fd64-c67f-49a6-a8a8-e57661150802\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"c980fd64-c67f-49a6-a8a8-e57661150802\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that do not contain the specified certificates in Trusted Root\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\\\\LocalMachine\\\\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Certificate thumbprints\",\r\n \"description\": \"A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\\\\LocalMachine\\\\Root). e.g. 
THUMBPRINT1;THUMBPRINT2;THUMBPRINT3\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/106ccbe4-a791-4f33-a44a-06796944b8d5\",\r\n \"parameters\": {\r\n \"CertificateThumbprints\": {\r\n \"value\": \"[parameters('CertificateThumbprints')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsCertificateInTrustedRoot\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b9ad83-000d-4dc1-bff0-6d54533dd03f\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/cdfcc6ff-945e-4bc6-857e-056cbc511e0c\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cdfcc6ff-945e-4bc6-857e-056cbc511e0c\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/nist80053-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceIdforVMReporting\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace ID for VM agent reporting\"\r\n }\r\n },\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n 
\"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n 
\"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users excluded from Windows VM Administrators group\"\r\n }\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"List of users that must be included in Windows VM Administrators group\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithOwnerPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithReadPermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAccountsWithWritePermissionsWhoAreNotMfaEnabledOnASubscription\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditAnyMissingSystemUpdatesOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditCORSResourceAccessRestrictionsForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithReadPermissionsOnASubscription\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditExternalAccountsWithWritePermissionsOnASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditHttpsOnlyAccessForAnApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentMImageOSUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVMSSVmImageOSUnlisted\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceforVMPreviewReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceIdforVMreporting')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMaximumNumberOfOwnersForASubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditMinimumNumberOfOwnersForSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAFunctionApp\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditRemoteDebuggingStateForAnAPIApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatLinuxVMsHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAudiThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\",\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\",\r\n \"NIST_SP_800-53_R4_SI-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsDoNotHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatLinuxVMsHaveThePasswdFilePermissionsSeTTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsCannotreUseThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n 
{\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMaximumPasswordAgeOf70days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVMExtensionToAuditThatWindowsVMsStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\",\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\",\r\n \"NIST_SP_800-53_R4_SI-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(2)\",\r\n \"NIST_SP_800-53_R4_CM-7(5)\",\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(12)\",\r\n \"NIST_SP_800-53_R4_SC-7(3)\",\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n 
},\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnencryptedVMDisksInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorVMVulnerabilitiesInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditEnablingOfOnlySecureConnectionsToYourRedisCache\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditProvisioningOfAnAzureActiveDirectoryAdministratorForSQLServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLManagedInstancesWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-16\",\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n \"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SC-28(1)\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSQLServersWithoutAdvancedDataSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-16\",\r\n \"NIST_SP_800-53_R4_AU-5\",\r\n \"NIST_SP_800-53_R4_AU-12\",\r\n 
\"NIST_SP_800-53_R4_RA-5\",\r\n \"NIST_SP_800-53_R4_SC-28(1)\",\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditThatWindowsWebServersAreUsingsScureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditTransparentDataEncryptionStatus\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\",\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfAzureActiveDirectoryForClientAuthenticationInServiceFabric\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"MembersToExclude\": {\r\n \"value\": \"[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatTheAdministratorsGroupInsideWindowsVMsIncludesTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"MembersToInclude\": {\r\n \"value\": \"[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]\"\r\n }\r\n },\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\",\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployVMExtensionToAuditThatWindowsWebServersAreUsingScureCommunicationProtocols\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1000\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1001\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1002\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632024c2-8079-439d-a7f6-90af1d78cc65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1003\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3b68b179-3704-4ff7-b51d-7d65374d165d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1004\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1005\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1006\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aae8d54c-4bce-4c04-b3aa-5b65b67caac8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1007\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17200329-bf6c-46d8-ac6d-abf4641c2add\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1008\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1009\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1010\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1011\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1012\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/efd7b9ae-1db6-4eb6-b0fe-87e6565f9738\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1013\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8fd7b917-d83b-4379-af60-51e14e316c61\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1014\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5dee936c-8037-4df1-ab35-6635733da48c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1015\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/544a208a-9c3f-40bc-b1d1-d7e144495c14\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1016\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d8b43277-512e-40c3-ab00-14b3b6e72238\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1017\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fc3db37-e59a-48c1-84e9-1780cedb409e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1018\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9121abf-e698-4ee9-b1cf-71ee528ff07f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1019\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a3ee9b2-3977-459c-b8ce-2db583abd9f7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1020\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b291ee8-3140-4cad-beb7-568c077c78ce\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1021\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9a3eb0a3-428d-4669-baff-20a14eb4b551\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1022\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/411f7e2d-9a0b-4627-a0b9-1700432db47d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1023\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e55698b6-3dea-4aa9-99b9-d8218c6ab6e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1024\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84914fb4-12da-4c53-a341-a9fd463bed10\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1025\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/adfe020d-0a97-45f4-a39c-696ef99f3a95\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1026\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-2(13)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1027\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1028\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1029\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1030\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-4(21)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1031\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1032\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa85661-d618-46b8-a20f-ca40a86f0751\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1033\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1034\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02a5ed00-6d2e-4e97-9a98-46c32c057329\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1035\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca94b046-45e2-444f-a862-dc8ce262a516\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1036\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9a16d673-8cf0-4dcf-b1d5-9b3e114fef71\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1037\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa4c2a3d-1294-41a3-9ada-0e540471e9fb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1038\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26692e88-71b7-4a5f-a8ac-9f31dd05bd8e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1039\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a7b9de4-a8a2-4672-914d-c5f6752aa7f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1040\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/54205576-cec9-463f-ba44-b4b3f5d0a84c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1041\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b3d8d15b-627a-4219-8c96-4d16f788888b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(8)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1042\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/319dc4f0-0fed-4ac9-8fc3-7aeddee82c07\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1043\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361a77f6-0f9c-4748-8eec-bc13aaaa2455\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-6(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1044\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0abbac52-57cf-450d-8408-1208d0dd9e90\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1045\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/554d2dd6-f3a8-4ad5-b66f-5ce23bd18892\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1046\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b1aa965-7502-41f9-92be-3e2fe7cc392a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1047\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1ff6d62-a55c-41ab-90ba-90bb5b7b6f62\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1048\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/483e7ca9-82b3-45a2-be97-b93163a0deb7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1049\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9adf7ba7-900a-4f35-8d57-9f34aafc405c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1050\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd20184c-b4ec-4ce5-8db6-6e86352d183f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1051\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7cac6ee9-b58b-40c8-a5ce-f0efc3d9b339\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1052\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/027cae1c-ec3e-4492-9036-4168d540c42a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1053\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7582b19c-9dba-438e-aed8-ede59ac35ba3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-11(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1054\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5807e1b4-ba5e-4718-8689-a0ca05a191b2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1055\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/769efd9b-3587-4e22-90ce-65ddcd5bd969\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1056\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac43352f-df83-4694-8738-cfce549fd08d\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1057\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1058\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76e85d08-8fbb-4112-a1c1-93521e6a9254\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1059\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1060\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34a987fd-2003-45de-a120-014956581f2b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1061\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ac22808-a2e8-41c4-9d46-429b50738914\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1062\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1063\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/593ce201-54b2-4dd0-b34f-c308005d7780\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(3)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1064\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d9508-cbf0-4a3c-bb5c-6c95b159f3fb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1065\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f87b8085-dca9-4cf1-8f7b-9822b997797c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1066\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4455c2e8-c65d-4acf-895e-304916f90b36\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-17(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1067\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1068\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d045bca-a0fd-452e-9f41-4ec33769717c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1069\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1070\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68f837d0-8942-4b1e-9b31-be78b247bda8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1071\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1a437f5b-9ad6-4f28-8861-de404d511ae4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1072\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1ca29e41-34ec-4e70-aba9-6248aca18c31\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-18(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1073\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ab55cdb0-c7dd-4bd8-ae22-a7cea7594e9c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1074\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1075\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc933d22-04df-48ed-8f87-22a3773d4309\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-19(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1076\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98a4bd5f-6436-46d4-ad00-930b5b1dfed4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1077\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dad3668-797a-412e-a798-07d3849a7a79\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1078\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b25faf85-8a16-4f28-8e15-d05c0072d64d\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1079\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/85c32733-7d23-4948-88da-058e2c56b60f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1080\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/852981b4-a380-4704-aa1e-2e52d63445e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-20(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1081\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3867f2a9-23bb-4729-851f-c3ad98580caf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-21\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1082\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24d480ef-11a0-4b1b-8e70-4e023bf2be23\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-21\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1083\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e319cb6-2ca3-4a58-ad75-e67f484e50ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1084\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0eb15db-dd1c-4d1d-b200-b12dd6cd060c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1085\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13d117e0-38b0-4bbb-aaab-563be5dd10ba\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1086\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fb321e6f-16a0-4be3-878f-500956e309c5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1087\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/100c82ba-42e9-4d44-a2ba-94b209248583\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1088\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d50f99d-1356-49c0-934a-45f742ba7783\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1089\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1090\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1091\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1092\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1093\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1094\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4b1853e0-8973-446b-b567-09d901d31a09\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1095\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc3f6f7a-057b-433e-9834-e8c97b0194f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1096\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1097\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-3(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1098\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1099\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/01910bab-8639-4bd0-84ef-cc53b24d79ba\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AT-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1100\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4057863c-ca7d-47eb-b1e0-503580cba8a4\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1101\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7327b708-f0e0-457d-9d2a-527fcc9c9a65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1102\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9943c16a-c54c-4b4a-ad28-bfd938cdbf57\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1103\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16feeb31-6377-437e-bbab-d7f73911896d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1104\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdd8d244-18b2-4306-a1d1-df175ae0935f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1105\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b73f57b-587d-4470-a344-0b0ae805f459\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1106\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d2b4feae-61ab-423f-a4c5-0e38ac4464d8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1107\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b29ed931-8e21-4779-8458-27916122a904\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1108\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9ad559e-c12d-415e-9a78-e50fdd7da7ba\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1109\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d9ffa23-ad92-4d0d-b1f4-7db274cc2aec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1110\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1111\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1112\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d530aad8-4ee2-45f4-b234-c061dae683c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1113\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1114\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c090801-59bc-4454-bb33-e0455133486a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1115\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0b653845-2ad9-4e09-a4f3-5a7c1d78353d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1116\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e47bc51-35d1-44b8-92af-e2f2d8b67635\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1117\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7fbfe680-6dbb-4037-963c-a621c5635902\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1118\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a96f743d-a195-420d-983a-08aa06bc441e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1119\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/845f6359-b764-4b40-b579-657aefe23c44\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1120\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c69b870e-857b-458b-af02-bb234f7a00d3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1121\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c72b0eb9-1fc2-44e5-a866-e7cb0532f7c1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1122\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/243ec95e-800c-49d4-ba52-1fdd9f6b8b57\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1123\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03996055-37a4-45a5-8b70-3f1caa45f87d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-6(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1124\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c10152dd-78f8-4335-ae2d-ad92cc028da4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1125\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6ce745a-670e-47d3-a6c4-3cfe5ef00c10\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1126\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f37f71b-420f-49bf-9477-9c0196974ecf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1127\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3ce328db-aef3-48ed-9f81-2ab7cf839c66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1128\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef212163-3bc4-4e86-bcf8-705127086393\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1129\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71bb965d-4047-4623-afd4-b8189a58df5d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1130\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd7c4c1d-51ee-4349-9dab-89a7f8c8d102\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1131\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b472a17e-c2bc-493f-b50b-42d55a346962\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1132\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1133\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1134\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e95f70e-181c-4422-9da2-43079710c789\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-9(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1135\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9c308b6b-2429-4b97-86cf-081b8e737b04\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1136\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97ed5bac-a92f-4f6d-a8ed-dc094723597c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1137\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4344df62-88ab-4637-b97b-bcaf2ec97e7c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1138\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9c284fc0-268a-4f29-af44-3c126674edb4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1139\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ed62522-de00-4dda-9810-5205733d2f34\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1140\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90d8b8ad-8ee3-4db7-913f-2a53fcff5316\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1141\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fdefbf4-93e7-4513-bc95-c1858b7093e0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_AU-12(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1142\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1143\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c6de11b-5f51-4f7c-8d83-d2467c8a816e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1144\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fa15ff1-a693-4ee4-b094-324818dc9a51\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1145\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a0724970-9c75-4a64-a225-a28002953f28\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1146\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd83410c-ecb6-4547-8f14-748c3cbdc7ac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1147\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8fef824a-29a8-4a4c-88fc-420a39c0d541\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1148\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28e62650-c7c2-4786-bdfa-17edc1673902\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1149\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e1b855b-a013-481a-aeeb-2bcb129fd35d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1150\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d630429d-e763-40b1-8fba-d20ba7314afb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1151\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/347e3b69-7fb7-47df-a8ef-71a1a7b44bca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1152\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1153\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/61cf3125-142c-4754-8a16-41ab4d529635\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1154\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e757ceb9-93b3-45fe-a4f4-f43f64f1ac5a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1155\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d33f9f1-12d0-46ad-9fbd-8f8046694977\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-3(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1156\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d52e864-9a3b-41ee-8f03-520815fe5378\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1157\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/15495367-cf68-464c-bbc3-f53ca5227b7a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1158\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fff50cf2-28eb-45b4-b378-c99412688907\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1159\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0925f098-7877-450b-8ba4-d1e55f2d8795\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1160\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3e797ca6-2aa8-4333-b335-7036f1110c05\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1161\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1162\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1163\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/961663a1-8a91-4e59-b6f5-1eee57c0f49c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1164\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fb8d3ce-9e96-481c-9c68-88d4e3019310\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1165\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47e10916-6c9e-446b-b0bd-ff5fd439d79d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1166\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bb02733d-3cc5-4bb0-a6cd-695ba2c2272e\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1167\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbb2be76-4891-430b-95a7-ca0b0a3d1300\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1168\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82409f9e-1f32-4775-bf07-b99d53a91b06\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1169\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e7ba2cb3-5675-4468-8b50-8486bdd998a5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-7(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1170\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b78b9b3-ee3c-48e0-a243-ed6dba5b7a12\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1171\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d4820bc-8b61-4982-9501-2123cb776c00\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1172\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b43e946e-a4c8-4b92-8201-4a39331db43c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1173\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4aff9e7-2e60-46fa-86be-506b79033fc5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CA-9\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1174\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1175\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1176\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1177\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/63dbc7a8-e20b-4d38-b857-a7f6c0cd94bc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1178\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7818b8f4-47c6-441a-90ae-12ce04e99893\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1179\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3f9ce557-c8ab-4e6c-bb2c-9b8ed002c46c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1180\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/874e7880-a067-42a7-bcbe-1a340f54c8cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1181\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/21839937-d241-4fa5-95c6-b669253d9ab9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1182\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1183\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-2(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1184\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13579d0e-0ab0-4b26-b0fb-d586f6d7ed20\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1185\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6420cd73-b939-43b7-9d99-e8688fea053c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1186\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b95ba3bd-4ded-49ea-9d10-c6f4b680813d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1187\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2b2f9e-4ba6-46c3-907f-66db138b6f85\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1188\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bb20548a-c926-4e4d-855c-bcddc6faf95e\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1189\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee45e02a-4140-416c-82c4-fecfea660b9d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1190\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c66a3d1e-465b-4f28-9da5-aef701b59892\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1191\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f26a61b-a74d-467c-99cf-63644db144f7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1192\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ebd97f7-b105-4f50-8daf-c51465991240\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1193\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5fd629f-3075-4cae-ab53-bad65495a4ac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1194\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc34667f-397e-4a65-9b72-d0358f0b6b09\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1195\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1e1d65c-1013-4484-bd54-991332e6a0d2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1196\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e7f4ea4-dd62-44f6-8886-ac6137cf52b0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1197\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a20d2eaa-88e2-4907-96a2-8f3a05797e5c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1198\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f56be5c3-660b-4c61-9078-f67cf072c356\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1199\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a08d1c-09b1-48f1-90ea-029bbdf7111e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-3(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1200\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e98fe9d7-2ed3-44f8-93b7-24dca69783ff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1201\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7daef997-fdd3-461b-8807-a608a6dd70f1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1202\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1203\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f9012d14-e3e6-4d7b-b926-9f37b5537066\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1204\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f4f6750-d1ab-4a4c-8dfd-af3237682665\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1205\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b070cab-0fb8-4e48-ad29-fc90b4c2797c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1206\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e0de232d-02a0-4652-872d-88afb4ae5e91\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1207\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8713a0ed-0d1e-4d10-be82-83dffb39830e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-5(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1208\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ea87673-d06b-456f-a324-8abcee5c159f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1209\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce669c31-9103-4552-ae9c-cdef4e03580d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1210\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3502c968-c490-4570-8167-1476f955e9b8\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1211\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a8b9dc8-6b00-4701-aa96-bba3277ebf50\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1212\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56d970ee-4efc-49c8-8a4e-5916940d784c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1213\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81f11e32-a293-4a58-82cd-134af52e2318\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1214\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f714a4e2-b580-47b6-ae8c-f2812d3750f3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1215\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88fc93e8-4745-4785-b5a5-b44bb92c44ff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1216\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7894fe6a-f5cb-44c8-ba90-c3f254ff9484\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1217\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/edea4f20-b02c-4115-be75-86c080e5c0ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1218\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4a1d0394-b9f5-493e-9e83-563fd0ac4df8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1219\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1220\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1221\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1222\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1223\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1224\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1225\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1226\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1227\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1228\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1229\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-8(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1230\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1231\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1232\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1233\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1234\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1235\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1236\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1237\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-10(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1238\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1239\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1240\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1241\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CM-11(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1242\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1243\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1244\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1245\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1246\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1247\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1248\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1249\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1250\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1251\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1252\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1253\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1254\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1255\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1256\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-2(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1257\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1258\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1259\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1260\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1261\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1262\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1263\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1264\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1265\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1266\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1267\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1268\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1269\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1270\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1271\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1272\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1273\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1274\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1275\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1276\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1277\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1278\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1279\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1280\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1281\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1282\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1283\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(3)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1284\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1285\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1286\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1287\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1288\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1289\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1290\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1291\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1292\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1293\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1294\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-9(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1295\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1296\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-10(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1297\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_CP-10(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1298\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1299\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd4e54f7-9ab0-4bae-b6cc-457809948a89\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1300\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1301\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1302\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1303\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1304\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1305\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1306\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1307\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1308\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1309\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-2(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1310\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1311\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e7568697-0c9e-4ea3-9cec-9e567d14f3c6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1312\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4d6a5968-9eef-4c18-8534-376790ab7274\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1313\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36220f5b-79a1-4cdb-8c74-2d2449f9a510\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1314\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef0c8530-efd9-45b8-b753-f03083d06295\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1315\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa87116-f1a1-4edb-bfbf-14e036f8d454\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1316\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ce14753-66e5-465d-9841-26ef55c09c0d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-4(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1317\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1318\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1319\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1320\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/6f54c732-71d4-4f93-a696-4e373eca3a77\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1321\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb627cc6-3a9d-46b5-96b7-5fca49178a37\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1322\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d1d971e-467e-4278-9633-c74c3d4fecc4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1323\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abe8f70b-680f-470c-9b86-a7edfb664ecc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1324\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8cfea2b3-7f77-497e-ac20-0752f2ff6eee\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1325\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1845796a-7581-49b2-ae20-443121538e19\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1326\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8605fc00-1bf5-4fb3-984e-c95cec4f231d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1327\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1328\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1329\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1330\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1331\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05460fe2-301f-4ed1-8174-d62c8bb92ff4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1332\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1333\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3298d6bf-4bc6-4278-a95d-f7ef3ac6e594\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1334\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44bfdadc-8c2e-4c30-9c99-f005986fabcd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1335\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1336\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77f56280-e367-432a-a3b9-8ca2aa636a26\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1337\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1338\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c59a207-6aed-41dc-83a2-e1ff66e4a4db\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1339\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1340\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e51ff84b-e5ea-408f-b651-2ecc2933e4c6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1341\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1342\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1343\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c251a55-31eb-4e53-99c6-e9c43c393ac2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-5(13)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1344\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c895fe7-2d8e-43a2-838c-3a533a5b355e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1345\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1346\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/464dc8ce-2200-4720-87a5-dc5952924cc6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1347\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/131a2706-61e9-4916-a164-00e052056462\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1348\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/855ced56-417b-4d74-9d5f-dd1bc81e22d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1349\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17641f70-94cd-4a5d-a613-3d1143e20e34\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1350\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d77fd943-6ba6-4a21-ba07-22b03e347cc4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IA-8(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1351\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1352\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1353\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1354\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1355\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1356\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1357\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1358\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1359\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1360\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1361\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1362\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1363\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1364\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1365\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1366\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1367\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1368\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-4(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1369\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1370\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1371\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1372\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1373\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1374\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1375\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1376\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1377\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1378\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1379\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1380\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1381\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1382\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1383\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1384\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1385\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1386\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1387\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1388\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1389\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1390\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1391\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1392\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1393\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_IR-9(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1394\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4db56f68-3f50-45ab-88f3-ca46f5379a94\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1395\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7207a023-a517-41c5-9df2-09d4c6845a05\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1396\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/276af98f-4ff9-4e69-99fb-c9b2452fb85f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1397\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/391af4ab-1117-46b9-b2c7-78bbd5cd995b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1398\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/443e8f3d-b51a-45d8-95a7-18b0e42f4dc4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1399\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2256e638-eb23-480f-9e15-6cf1af0a76b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1400\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a96d5098-a604-4cdf-90b1-ef6449a27424\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1401\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b78ee928-e3c1-4569-ad97-9f8c4b629847\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1402\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a560d32-8075-4fec-9615-9f7c853f4ea9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1403\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57149289-d52b-4f40-9fe6-5233c1ef80f7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1404\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13d8f903-0cd6-449f-a172-50f6579c182b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1405\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe1a0bf3-409a-4b00-b60d-0b1f917f7e7b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1406\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a0f5339c-9292-43aa-a0bc-d27c6b8e30aa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1407\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff9fbd83-1d8d-4b41-aac2-94cb44b33976\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1408\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c5f56ac6-4bb2-4086-bc41-ad76344ba2c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1409\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d1880188-e51a-4772-b2ab-68f5e8bd27f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1410\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2596a9f-e59f-420d-9625-6e0b536348be\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1411\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898d4fe8-f743-4333-86b7-0c9245d93e7d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1412\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3492d949-0dbb-4589-88b3-7b59601cc764\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1413\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aeedddb6-6bc0-42d5-809b-80048033419d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1414\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2ce63a52-e47b-4ae2-adbb-6e40d967f9e6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1415\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/61a1dd98-b259-4840-abd5-fbba7ee0da83\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1416\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38dfd8a3-5290-4099-88b7-4081f4c4d8ae\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1417\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7522ed84-70d5-4181-afc0-21e50b1b6d0e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1418\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28e633fd-284e-4ea7-88b4-02ca157ed713\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1419\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-4(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1420\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05ae08cc-a282-413b-90c7-21a2c60b8404\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1421\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e539caaa-da8c-41b8-9e1e-449851e2f7a6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1422\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ea556850-838d-4a37-8ce5-9d7642f95e11\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1423\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7741669e-d4f6-485a-83cb-e70ce7cbbc20\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1424\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cf55fc87-48e1-4676-a2f8-d9a8cf993283\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1425\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5983d99c-f39b-4c32-a3dc-170f19f6941b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MA-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1426\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21f639bc-f42b-46b1-8f40-7a2a389c291a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1427\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc90e44f-d83f-4bdf-900f-3d5eb4111b31\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1428\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a77fcc7-b8d8-451a-ab52-56197913c0c7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1429\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b07c9b24-729e-4e85-95fc-f224d2d08a80\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1430\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0f559588-5e53-4b14-a7c4-85d28ebc2234\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1431\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7173c52-2b99-4696-a576-63dd5f970ef4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1432\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1140e542-b80d-4048-af45-3f7245be274b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1433\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b879b41-2728-41c5-ad24-9ee2c37cbe65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1434\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c18f06b-a68d-41c3-8863-b8cd3acb5f8f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1435\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa8d221b-d130-4637-ba16-501e666628bb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1436\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28aab8b4-74fd-4b7c-9080-5a7be525d574\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1437\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d1eb6ed-bf13-4046-b993-b9e2aef0f76c\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-5(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1438\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40fcc635-52a2-4dbc-9523-80a1f4aa1de6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1439\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dce72873-c5f1-47c3-9b4f-6b8207fd5a45\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1440\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/881299bf-2a5b-4686-a1b2-321d33679953\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1441\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6519d7f3-e8a2-4ff3-a935-9a9497152ad7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1442\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f26049b-2c5a-4841-9ff3-d48a26aae475\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-6(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1443\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cd0ec6fa-a2e7-4361-aee4-a8688659a9ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1444\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/666143df-f5e0-45bd-b554-135f0f93e44e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_MP-7(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1445\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32d07d59-2716-4972-b37b-214a67ac4a37\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1446\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bf6850fe-abba-468e-9ef4-d09ec7d983cd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1447\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b9783a99-98fe-4a95-873f-29613309fe9a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1448\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/825d6494-e583-42f2-a3f2-6458e6f0004f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1449\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f784d3b0-5f2b-49b7-b9f3-00ba8653ced5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1450\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/134d7a13-ba3e-41e2-b236-91bfcfa24e01\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1451\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3f1e5a3-25c1-4476-8cb6-3955031f8e65\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1452\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/82c76455-4d3f-4e09-a654-22e592107e74\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1453\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9693b564-3008-42bc-9d5d-9c7fe198c011\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1454\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad58985d-ab32-4f99-8bd3-b7e134c90229\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1455\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/068a88d4-e520-434e-baf0-9005a8164e6a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1456\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/733ba9e3-9e7c-440a-a7aa-6196a90a2870\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1457\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f2d9d3e6-8886-4305-865d-639163e5c305\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1458\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c19ceb7-56e9-4488-8ddb-b1eb3aa6d203\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1459\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75cc73c7-5cdb-479d-a06f-7b4d0dbb1da0\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1460\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f3ce1bb-4f77-4695-8355-70b08d54fdda\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1461\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aafef03e-fea8-470b-88fa-54bd1fcd7064\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1462\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9b1f3a9a-13a1-4b40-8420-36bca6fd8c02\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1463\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59721f87-ae25-4db0-a2a4-77cc5b25d495\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1464\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1465\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e6e41554-86b5-4537-9f7f-4fc41a1d1640\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-6(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1466\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d943a9c-a6f1-401f-a792-740cdb09c451\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-8\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1467\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5350cbf9-8bdd-4904-b22a-e88be84ca49d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1468\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75603f96-80a1-4757-991d-5a1221765ddd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1469\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f509c5b6-0de0-4a4e-9b2e-cd9cbf3a58fd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1470\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c89ba09f-2e0f-44d0-8095-65b05bd151ef\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1471\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7dd0e9ce-1772-41fb-a50a-99977071f916\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1472\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef869332-921d-4c28-9402-3be73e6e50c8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1473\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d7047705-d719-46a7-8bb0-76ad233eba71\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1474\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/03ad326e-d7a1-44b1-9a76-e17492efc9e4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-11(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1475\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34a63848-30cf-4081-937e-ce1a1c885501\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1476\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f3c4ac2-3e35-4906-a80b-473b12a622d7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1477\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4862a63c-6c74-4a9d-a221-89af3c374503\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1478\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f997df46-cfbb-4cc8-aac8-3fecdaf6a183\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1479\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e327b072-281d-4f75-9c28-4216e5d72f26\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-13(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1480\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18a767cc-1947-4338-a240-bc058c81164f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1481\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/717a1c78-a267-4f56-ac58-ee6c54dc4339\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-14\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1482\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9df4277e-8c88-4d5c-9b1a-541d53d15d7b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-14(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1483\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5cb81060-3c8a-4968-bcdc-395a1801f6c1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1484\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/486b006a-3653-45e8-b41c-a052d3e05456\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-15(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1485\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50301354-95d0-4a11-8af5-8039ecf6d38b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-16\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1486\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb790345-a51f-43de-934e-98dbfaf9dca5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1487\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c3371d-c30c-4f58-abd9-30b8a8199571\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1488\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d8ef30eb-a44f-47af-8524-ac19a36d41d2\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1489\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9d0a794f-1444-4c96-9534-e35fc8c39c91\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PE-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1490\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1491\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1492\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1493\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22b469b3-fccf-42da-aa3b-a28e6fb113ce\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1494\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed09d84-3311-4853-8b67-2b55dfa33d09\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1495\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4978d0e-a596-48e7-9f8c-bbf52554ce8d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1496\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0ca96127-2f87-46ab-a4fc-0d2a786df1c8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1497\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e3c5583-1729-4d36-8771-59c32f090a22\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1498\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/633988b9-cf2f-4323-8394-f0d2af9cd6e1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1499\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e59671ab-9720-4ee2-9c60-170e8c82251e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1500\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dd5b241-03cb-47d3-a5cd-4b89f9c53c92\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1501\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88817b58-8472-4f6c-81fa-58ce42b67f51\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1502\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e901375c-8f01-4ac8-9183-d5312f47fe63\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1503\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1504\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1505\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PL-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1506\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d2ff17-d604-4dd9-b607-9ecf63f28ad2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1507\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86ccd1bf-e7ad-4851-93ce-6ec817469c1e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1508\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76f500cc-4bca-4583-bda1-6d084dc21086\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1509\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70792197-9bfc-4813-905a-bd33993e327f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1510\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79da5b09-0e7e-499e-adda-141b069c7998\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1511\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9eae324-d327-4539-9293-b48e122465f8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1512\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5a8324ad-f599-429b-aaed-f9c6e8c987a8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1513\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c416970d-b12b-49eb-8af4-fb144cd7c290\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1514\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ed5ca00-0e43-434e-a018-7aab91461ba7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-3(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1515\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02dd141a-a2b2-49a7-bcbd-ca31142f6211\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1516\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da3cd269-156f-435b-b472-c3af34c032ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1517\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8f5ad423-50d6-4617-b058-69908f5586c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1518\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d58f734-c052-40e9-8b2f-a1c2bff0b815\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1519\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2f13915a-324c-4ab8-b45c-2eefeeefb098\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1520\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f2c513b-eb16-463b-b469-c10e5fa94f0a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1521\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cbddf9c-a3aa-4330-a0f5-4c0c1f1862e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1522\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38b470cc-f939-4a15-80e0-9f0c74f2e2c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1523\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5577a310-2551-49c8-803b-36e0d5e55601\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1524\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72f1cb4e-2439-4fe8-88ea-b8671ce3c268\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1525\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9be2f688-7a61-45e3-8230-e1ec93893f66\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1526\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/953e6261-a05a-44fd-8246-000e1a3edbb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1527\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2823de66-332f-4bfd-94a3-3eb036cd3b67\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1528\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/deb9797c-22f8-40e8-b342-a84003c924e6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1529\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1530\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e8f9566-29f1-49cd-b61f-f8628a3cf993\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1531\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0643e0c-eee5-4113-8684-c608d05c5236\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1532\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2c66299-9017-4d95-8040-8bdbf7901d52\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1533\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bba2a036-fb3b-4261-b1be-a13dfb5fbcaa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1534\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b2b263e-cd05-4488-bcbf-4debec7a17d9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1535\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9a165d2-967d-4733-8399-1074270dae2e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_PS-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1536\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1537\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1538\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1539\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ACF1540\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1541\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1542\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1543\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1544\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1545\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1546\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1547\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1548\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1549\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1550\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1551\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1552\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1553\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1554\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1555\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1556\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(6)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1557\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1558\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_RA-5(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1559\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1560\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1561\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40364c3f-c331-4e29-b1e3-2fbe998ba2f5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-2\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1562\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d4142013-7964-4163-a313-a900301c2cef\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1563\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9afe2edf-232c-4fdf-8e6a-e867a5c525fd\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1564\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/157f0ef9-143f-496d-b8f9-f8c8eeaad801\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1565\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/45ce2396-5c76-4654-9737-f8792ab3d26b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1566\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ad3724-e2ac-4716-afcc-d8eabd97adb9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1567\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e72edbf6-aa61-436d-a227-0f32b77194b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1568\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b6a8eae8-9854-495a-ac82-d2cd3eac02a6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1569\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/ad2f8e61-a564-4dfd-8eaa-816f5be8cb34\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1570\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7fcf38d-bb09-4600-be7d-825046eb162a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1571\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b11c985b-f2cd-4bd7-85f4-b52426edf905\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1572\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04f5fb00-80bb-48a9-a75b-4cb4d4c97c36\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1573\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/58c93053-7b98-4cf0-b99f-1beb985416c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1574\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f935dab-83d6-47b8-85ef-68b8584161b9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1575\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93e1bb73-1b08-4dbe-9c62-8e2e92e7ec41\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1576\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f18c885-ade3-48c5-80b1-8f9216019c18\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1577\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1578\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(9)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1579\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4e54c7ef-7457-430b-9a3e-ef8881d4a8e0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-4(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1580\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1581\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/742b549b-7a25-465f-b83c-ea1ffb4f4e0e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1582\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cd9e2f38-259b-462c-bfad-0ad7ab4e65c5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1583\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0882d488-8e80-4466-bc0f-0cd15b6cb66d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1584\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5864522b-ff1d-4979-a9f8-58bee1fb174c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1585\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d57f8732-5cdc-4cda-8d27-ab148e1f3a55\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1586\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6e3b2fbd-8f37-4766-a64d-3f37703dcb51\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1587\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32820956-9c6d-4376-934c-05cd8525be7c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1588\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68ebae26-e0e0-4ecb-8379-aabf633b51e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1589\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1590\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1591\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1592\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d01ba6c-289f-42fd-a408-494b355b6222\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1593\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2cd0a426-b5f5-4fe0-9539-a6043cdbc6fa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-9(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1594\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1595\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1596\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1597\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1598\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1599\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-10(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1600\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c53f3123-d233-44a7-930b-f40d3bfeb7d6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1601\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0ee79a0c-addf-4ce9-9b3c-d9576ed5e20e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1602\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddae2e97-a449-499f-a1c8-aea4a7e52ec9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1603\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2b909c26-162f-47ce-8e15-0c1f55632eac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1604\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44dbba23-0b61-478e-89c7-b3084667782f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1605\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0062eb8b-dc75-4718-8ea5-9bb4a9606655\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11(1)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1606\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1607\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/976a74cf-b192-4d35-8cab-2068f272addb\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-11(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1608\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1609\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9e93fa71-42ac-41a7-b177-efbfdc53c69f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1610\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b9f3fb54-4222-46a1-a308-4874061f8491\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1611\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-16\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1612\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1613\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1614\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SA-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1615\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1616\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1617\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a631d8f5-eb81-4f9d-9ee1-74431371e4a3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1618\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f52f89aa-4489-4ec4-950e-8c96a036baa9\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1619\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1620\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d17c826b-1dec-43e1-a984-7b71c446649c\",\r\n \"parameters\": 
{},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1621\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cb9f731-744a-4691-a481-ca77b0411538\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1622\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1623\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/02ce1b22-412a-4528-8630-c42146f917ed\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1624\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37d079e3-d6aa-4263-a069-dd7ac6dd9684\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1625\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b9b66a4d-70a1-4b47-8fa1-289cec68c605\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1626\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8f6bddd-6d67-439a-88d4-c5fe39a79341\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1627\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd73310d-76fc-422d-bda4-3a077149f179\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1628\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67de62b4-a737-4781-8861-3baed3c35069\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1629\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c171b095-7756-41de-8644-a062a96043f2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1630\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3643717a-3897-4bfd-8530-c7c96b26b2a0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1631\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1632\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ce9073a-77fa-48f0-96b1-87aa8e6091c2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1633\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/07557aa0-e02f-4460-9a81-8ecd2fed601a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(8)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1634\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/292a7c44-37fa-4c68-af7c-9d836955ded2\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(10)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1635\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(12)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1636\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b694eed-7081-43c6-867c-41c76c961043\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(13)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1637\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4075bedc-c62a-4635-bede-a01be89807f3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(18)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1638\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49b99653-32cd-405d-a135-e7d60a9aae1f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(20)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1639\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78e8e649-50f6-4fe3-99ac-fedc2e63b03f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-7(21)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1640\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1641\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1642\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/53397227-5ee3-4b23-9e5e-c8a767ce6928\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1643\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1645\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1646\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-12(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1647\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-13\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1648\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a9eb14b-495a-4ebb-933c-ce4ef5264e32\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1649\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26d292cc-b0b8-4c29-9337-68abc758bf7b\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-15\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1650\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-17\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1651\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6db63528-c9ba-491c-8a80-83e1e6977a50\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1652\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6998e84a-2d29-4e10-8962-76754d4f772d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1653\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1c00a7-7fd0-42b0-8c5b-c45f6fa1f71b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-18\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1654\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a2ee16e-ab1f-414a-800b-d1608835862b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1655\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/121eab72-390e-4629-a7e2-6d6184f57c6b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-19\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1656\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cb067d5-c8b5-4113-a7ee-0a493633924b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-20\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1657\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-20\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1658\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/063b540e-4bdc-4e7a-a569-3a42ddf22098\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-21\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1659\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-22\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1660\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/63096613-ce83-43e5-96f4-e588e8813554\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-23\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1661\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c643c9a-1be7-4016-a5e7-e4bada052920\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-23(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1662\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/165cb91f-7ea8-4ab7-beaf-8636b98c9d15\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-24\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1663\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1664\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-28(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1665\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5df3a55c-8456-44d4-941e-175f79332512\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SC-39\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1666\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12e30ee3-61e6-4509-8302-a871e8ebb91e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1667\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-1\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1668\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1669\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48f2f62b-5743-4415-a143-288adc0e078d\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1670\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6108469-57ee-4666-af7e-79ba61c7ae0c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1671\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c5bbef7-a316-415b-9b38-29753ce8e698\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1672\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b45fe972-904e-45a4-ac20-673ba027a301\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1673\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dff0b90d-5a6f-491c-b2f8-b90aa402d844\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1674\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93e9e233-dd0a-4bde-aea5-1371bce0e002\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1675\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/facb66e0-1c48-478a-bed5-747a312323e1\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-2(3)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1676\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c10fb58b-56a8-489e-9ce3-7ffe24e78e4b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1677\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4a248e1e-040f-43e5-bff2-afc3a57a3923\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1678\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd533cb0-b416-4be7-8e86-4d154824dfd7\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1679\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2cf42a28-193e-41c5-98df-7688e7ef0a88\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1680\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/399cd6ee-0e18-41db-9dea-cde3bd712f38\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1681\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12623e7e-4736-4b2e-b776-c1600f35f93a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1682\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/62b638c5-29d7-404b-8d93-f21e4b1ce198\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-3(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1683\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1684\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1685\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36b0ef30-366f-4b1b-8652-a3511df11f53\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1686\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/e17085c5-0be8-4423-b39b-a52d3d1402e5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1687\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1688\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/063c3f09-e0f0-4587-8fd5-f4276fae675f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1689\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/de901f2f-a01a-4456-97f0-33cda7966172\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1690\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1691\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71475fb4-49bd-450b-a1a5-f63894c24725\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1692\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ecda928-9df4-4dd7-8f44-641a91e470e8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(4)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1693\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a450eba6-2efc-4a00-846a-5804a93c6b77\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1694\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(11)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1695\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(14)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1696\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/69d2a238-20ab-4206-a6dc-f302bf88b1b8\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(16)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1697\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9873db2-18ad-46b3-a11a-1a1f8cbf0335\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(18)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1698\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(19)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1699\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/69c7bee8-bc19-4129-a51e-65a7b39d3e7c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(20)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1700\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7831b4ba-c3f4-4cb1-8c11-ef8d59438cd5\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(22)\"\r\n ]\r\n 
},\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1701\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f25bc08f-27cb-43b6-9a23-014d00700426\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(23)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1702\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4dfc0855-92c4-4641-b155-a55ddd962362\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-4(24)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1703\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1704\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d44b6fa-1134-4ea6-ad4e-9edb68f65429\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1705\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1706\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1707\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-5(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1708\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/7a1e2c88-13de-4959-8ee7-47e3d74f1f48\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1709\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/025992d6-7fee-4137-9bbf-2ffc39c0686c\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1710\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af2a93c8-e6dd-4c94-acdd-4a2eedfc478e\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1711\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-6\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1712\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1713\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1714\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(2)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1715\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339\",\r\n 
\"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(5)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1716\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(7)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1717\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(14)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1718\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-7(14)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1719\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c13da9b4-fe14-4fe2-853a-5997c9d4215a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1720\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44b9a7cd-f36a-491a-a48b-6d04ae7c4221\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1721\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d207aaef-7c4d-4f8c-9dce-4d62dfa3d29a\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8(1)\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1722\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1da06bd-25b6-4127-a301-c313d6873fff\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-8(2)\"\r\n ]\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"ACF1723\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e91927a0-ac1d-44a0-95f8-5185f9dfce9f\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-10\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1724\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d07594d1-0307-4c08-94db-5d71ff31f0f6\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1725\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/afc234b5-456b-4aa5-b3e2-ce89108124cc\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-11\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1726\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baff1279-05e0-4463-9a70-8ba5de4c7aa4\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-12\"\r\n ]\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ACF1727\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/697175a7-9715-4e89-b98b-c6f605888fa3\",\r\n \"parameters\": {},\r\n \"groupNames\": [\r\n \"NIST_SP_800-53_R4_SI-16\"\r\n ]\r\n }\r\n ],\r\n \"policyDefinitionGroups\": [\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-11\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-12(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-14\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-14\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_ AC-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(3)\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-18\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-18\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-19(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-19\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-19\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(12)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(12)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(13)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(13)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(2)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_AC-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-20(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-20(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-20\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-20\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-21\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-21\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-22\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-22\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-3\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_AC-4(21)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(21)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-4(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6(9)\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AC-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AC-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-3(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AT-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AT-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-1\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-12(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-12(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-5(1)\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-7\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_AU-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_AU-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-2\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_CA-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-3(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-7(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CA-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CA-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-1\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_CM-10(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(4)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-6\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CM-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CM-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-1\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-10(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-10(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3(1)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_CP-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-7(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7(4)\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_CP-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_CP-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_CP-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-1\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(12)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(12)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2(9)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-4(4)\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(13)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(13)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-6\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IA-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IA-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-3\",\r\n 
\"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-6\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_IR-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_IR-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_IR-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-2\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_MA-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MA-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MA-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-1\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_MP-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-5(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_MP-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_MP-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-1\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_PE-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-13\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-13\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-14(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-14\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-14\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-15(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-15\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-15\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_PE-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-18\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-18\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-6(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-6(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8(1)\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_PE-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PE-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PE-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PL-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PL-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-3(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-3\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_PS-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_PS-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_PS-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(2)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_RA-5(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(6)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(6)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_RA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_RA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-10(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11(8)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-15\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-15\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4(9)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4(9)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SA-9\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SA-9\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-1\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(2)\"\r\n 
},\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-13\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-13\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-15\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-15\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-17\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-17\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-18\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-18\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-19\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-19\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-20\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-20\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-21\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-21\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-22\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-22\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-23(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23(1)\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_SC-23\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-23\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-24\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-24\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-28(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-28\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-28\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-3\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-39\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-39\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(10)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(10)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(12)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(12)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(13)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(13)\"\r\n },\r\n 
{\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(18)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(18)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(20)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(20)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(21)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(21)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7(8)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7(8)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-7\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SC-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SC-8\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-1\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-1\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-10\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-10\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-11\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-11\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-12\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-12\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-16\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-16\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2(3)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2(3)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-2\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-2\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-3\",\r\n \"additionalMetadataId\": 
\"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-3\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(11)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(11)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(14)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(14)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(16)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(16)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(18)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(18)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(19)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(19)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(20)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(20)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(22)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(22)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(23)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(23)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(24)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(24)\"\r\n },\r\n {\r\n \"name\": 
\"NIST_SP_800-53_R4_SI-4(4)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(4)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-4\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-4\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-5(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-5\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-5\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-6\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-6\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(14)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(14)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(5)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(5)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7(7)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7(7)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-7\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-7\"\r\n },\r\n {\r\n 
\"name\": \"NIST_SP_800-53_R4_SI-8(1)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(1)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-8(2)\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8(2)\"\r\n },\r\n {\r\n \"name\": \"NIST_SP_800-53_R4_SI-8\",\r\n \"additionalMetadataId\": \"/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-53_R4_SI-8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit FedRAMP High controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of FedRAMP H controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/fedramph-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"listOfAllowedLocationsForResourcesAndResourceGroups\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"Allowed locations for resources and resource groups\",\r\n \"description\": \"This policy enables you to restrict the locations your organization can create resource groups in or deploy resources. Use to enforce your geo-compliance requirements. 
Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.\",\r\n \"strongType\": \"location\"\r\n }\r\n },\r\n \"membersToIncludeInAdministratorsLocalGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to be included in the Administrators local group\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"membersToExcludeInAdministratorsLocalGroup\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members that should be excluded in the Administrators local group\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"logAnalyticsWorkspaceIdForVMs\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n },\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n 
\"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n 
\"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL managed instances\",\r\n \"description\": \"Audit SQL managed instances which do not have recurring vulnerability assessment scans enabled. 
Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnServerMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability assessment should be enabled on your SQL servers\",\r\n \"description\": \"Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnVirtualMachinesEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Vulnerability Assessment should be enabled on Virtual Machines\",\r\n \"description\": \"Monitors vulnerabilities detected by Azure Security Center Vulnerability Assessment on Virtual Machines\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"geoRedundancyEnabledForStorageAccountsEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Geo-redundant storage should be enabled for Storage Accounts\",\r\n \"description\": \"This policy audits any Storage Account with geo-redundant storage not enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"geoRedundancyEnabledForAzureDatabaseForMariaDBEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for MariaDB\",\r\n \"description\": \"This policy audits any Azure Database for MariaDB with geo-redundant backup not enabled.\"\r\n },\r\n \"allowedValues\": [\r\n 
\"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"geoRedundancyEnabledForAzureDatabaseForMySQLEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for MySQL\",\r\n \"description\": \"This policy audits any Azure Database for MySQL with geo-redundant backup not enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Geo-redundant backup should be enabled for Azure Database for PostgreSQL\",\r\n \"description\": \"This policy audits any Azure Database for PostgreSQL with geo-redundant backup not enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"adaptiveNetworkHardeningsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security Group Rules for Internet facing virtual machines should be hardened\",\r\n \"description\": \"Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Web Application should only be accessible over HTTPS\",\r\n \"description\": \"Enable or disable the monitoring of the use of HTTPS in Web App\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Function App should only be accessible over HTTPS\",\r\n \"description\": 
\"Enable or disable the monitoring of the use of HTTPS in function App\"\r\n },\r\n \"allowedValues\": [\r\n \"Audit\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"Audit\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with write permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with read permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"External accounts with owner permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of external acounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Deprecated accounts with owner permissions should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts with owner permissions in subscription\"\r\n },\r\n 
\"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Deprecated accounts should be removed from your subscription\",\r\n \"description\": \"Enable or disable the monitoring of deprecated acounts in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"CORS should not allow every resource to access your Web Application\",\r\n \"description\": \"Enable or disable the monitoring of CORS restrictions for API Web\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"vmssSystemUpdatesMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System updates on virtual machine scale sets should be installed\",\r\n \"description\": \"Enable or disable virtual machine scale sets reporting of system updates\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled on accounts with read permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with read permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled on accounts with 
owner permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with owner permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"MFA should be enabled accounts with write permissions on your subscription\",\r\n \"description\": \"Enable or disable the monitoring of MFA for accounts with write permissions in subscription\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n },\r\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Long-term geo-redundant backup should be enabled for Azure SQL Databases\",\r\n \"description\": \"This policy audits any Azure SQL Database with long-term geo-redundant backup not enabled.\"\r\n },\r\n \"allowedValues\": [\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"AuditIfNotExists\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnprotectedWebApplicationInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"serviceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"transparentDataEncryptionOnSqlDatabasesShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"advancedDataSecurityShouldBeEnabledOnYourSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"advancedDataSecurityShouldBeEnabledOnYourManagedInstances\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"auditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"anAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"diskEncryptionShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilitiesOnYourSqlDatabasesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"systemUpdatesShouldBeInstalledOnYourMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"monitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"previewDeployVmExtensionToAuditWindowsVmShouldNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmPasswordsMustBeAtLeast14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmEnforcesPasswordComplexityRequirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmMinimumPasswordAge1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmMaximumPasswordAge70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditWindowsVmShouldNotAllowPrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditLinuxVmPasswdFilePermissions\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"dDoSProtectionStandardShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"remoteDebuggingShouldBeTurnedOffForApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"remoteDebuggingShouldBeTurnedOffForWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"remoteDebuggingShouldBeTurnedOffForFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"thereShouldBeMoreThanOneOwnerAssignedToYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"aMaximumOf3OwnersShouldBeDesignatedForYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"apiAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnManagedInstanceMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a\",\r\n 
\"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"vulnerabilityAssessmentOnServerMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnServerMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilityAssessmentshouldbeenabledonVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vulnerabilityAssessmentOnVirtualMachinesEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"geoRedundantStorageShouldBeEnabledForStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bf045164-79ba-4215-8f95-f8048dc1780b\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('geoRedundancyEnabledForStorageAccountsEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('geoRedundancyEnabledForAzureDatabaseForMariaDBEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQL\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('geoRedundancyEnabledForAzureDatabaseForMySQLEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"allowedLocationsForResourceGroups\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"value\": \"[parameters('listOfAllowedLocationsForResourcesAndResourceGroups')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"allowedLocationsForResources\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c\",\r\n \"parameters\": {\r\n \"listOfAllowedLocations\": {\r\n \"value\": \"[parameters('listOfAllowedLocationsForResourcesAndResourceGroups')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"deployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"membersToInclude\": {\r\n \"value\": \"[parameters('membersToIncludeInAdministratorsLocalGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"membersToExclude\": {\r\n \"value\": \"[parameters('membersToExcludeInAdministratorsLocalGroup')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"auditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypes')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"adaptiveNetworkHardeningsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('adaptiveNetworkHardeningsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"previewAuditLogAnalyticsWorkspaceForVmReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceIdForVMs')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"functionAppEnforceHttpsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('functionAppEnforceHttpsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": 
\"[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveExternalAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityRemoveDeprecatedAccountMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"webAppRestrictCORSAccessMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('webAppRestrictCORSAccessMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n 
\"policyDefinitionReferenceId\": \"vmssSystemUpdatesMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('vmssSystemUpdatesMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForWritePermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForReadPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"identityEnableMFAForOwnerPermissionsMonitoring\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"longtermGeoRedundantBackupEnabledAzureSQLDatabases\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[parameters('longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d5264498-16f4-418a-b659-fa7ef418175f\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": 
\"d5264498-16f4-418a-b659-fa7ef418175f\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit Windows VMs that do not match Azure security baseline settings\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\",\r\n \"preview\": true\r\n },\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable insecure guest logons\",\r\n \"description\": \"Specifies whether the SMB client will allow insecure guest logons to an SMB server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow simultaneous connections to the Internet or a Windows Domain\",\r\n \"description\": \"Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. A value of 0 allows simultaneous connections, and a value of 1 blocks them.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off multicast name resolution\",\r\n \"description\": \"Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AlwaysUseClassicLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always use classic logon\",\r\n \"description\": \"Specifies whether to force the user to log on to the computer using the classic logon screen. 
This setting only works when the computer is not on a domain.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Boot-Start Driver Initialization Policy\",\r\n \"description\": \"Specifies which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable Windows NTP Client\",\r\n \"description\": \"Specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn on convenience PIN sign-in\",\r\n \"description\": \"Specifies whether a domain user can sign in using a convenience PIN.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AccountsGuestAccountStatus\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Accounts: Guest account status\",\r\n \"description\": \"Specifies whether the local Guest account is disabled.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit: Shut down system immediately if unable to log security audits\",\r\n \"description\": \"Audits if the system will shut down when unable to log Security events.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Devices: Allowed to format and eject removable media\",\r\n \"description\": \"Specifies who is allowed to format and eject removable NTFS media. 
You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB client component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network client: Send unencrypted password to third-party SMB servers\",\r\n \"description\": \"Specifies whether the SMB redirector will send plaintext passwords during authentication to third-party SMB servers that do not support password encryption. It is recommended that you disable this policy setting unless there is a strong business case to enable it.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Amount of idle time required before suspending session\",\r\n \"description\": \"Specifies the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. 
The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,15\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Digitally sign communications (always)\",\r\n \"description\": \"Specifies whether packet signing is required by the SMB server component.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Microsoft network server: Disconnect clients when logon hours expire\",\r\n \"description\": \"Specifies whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. If you enable this policy setting you should also enable 'Network security: Force logoff when logon hours expire'\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths\",\r\n \"description\": \"Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\ProductOptions|#|System\\\\CurrentControlSet\\\\Control\\\\Server Applications|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Remotely accessible registry paths and sub-paths\",\r\n \"description\": \"Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or 
groups listed in the access control list (ACL) of the `winreg` registry key.\"\r\n },\r\n \"defaultValue\": \"System\\\\CurrentControlSet\\\\Control\\\\Print\\\\Printers|#|System\\\\CurrentControlSet\\\\Services\\\\Eventlog|#|Software\\\\Microsoft\\\\OLAP Server|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Print|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows|#|System\\\\CurrentControlSet\\\\Control\\\\ContentIndex|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\UserConfig|#|System\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\DefaultUserConfiguration|#|Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Perflib|#|System\\\\CurrentControlSet\\\\Services\\\\SysmonLog\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network access: Shares that can be accessed anonymously\",\r\n \"description\": \"Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network Security: Configure encryption types allowed for Kerberos\",\r\n \"description\": \"Specifies the encryption types that Kerberos is allowed to use.\"\r\n },\r\n \"defaultValue\": \"2147483644\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LAN Manager authentication level\",\r\n \"description\": \"Specify which challenge-response authentication protocol is used for network logons. 
This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers.\"\r\n },\r\n \"defaultValue\": \"5\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: LDAP client signing requirements\",\r\n \"description\": \"Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\",\r\n \"description\": \"Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers\",\r\n \"description\": \"Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). 
The SSP Interface (SSPI) is used by applications that need authentication services.\"\r\n },\r\n \"defaultValue\": \"537395200\"\r\n },\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Recovery console: Allow floppy copy and access to all drives and all folders\",\r\n \"description\": \"Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Allow system to be shut down without having to log on\",\r\n \"description\": \"Specifies whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon screen.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Shutdown: Clear virtual memory pagefile\",\r\n \"description\": \"Specifies whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down properly. 
For systems with large amounts of RAM, this could result in substantial time needed to complete the shutdown.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies\",\r\n \"description\": \"Specifies whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). For certificate rules to take effect in software restriction policies, you must enable this policy setting.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Admin Approval Mode for the Built-in Administrator account\",\r\n \"description\": \"Specifies the behavior of Admin Approval Mode for the built-in Administrator account.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of the elevation prompt for administrators.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Detect application installations and prompt for elevation\",\r\n \"description\": \"Specifies the behavior of application installation detection for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"type\": 
\"String\",\r\n \"metadata\": {\r\n \"displayName\": \"UAC: Run all administrators in Admin Approval Mode\",\r\n \"description\": \"Specifies the behavior of all User Account Control (UAC) policy settings for the computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"EnforcePasswordHistory\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Enforce password history\",\r\n \"description\": \"Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated.\"\r\n },\r\n \"defaultValue\": \"24\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Maximum password age\",\r\n \"description\": \"Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range.\"\r\n },\r\n \"defaultValue\": \"1,70\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password age\",\r\n \"description\": \"Specifies the minimum number of days that must elapse before a user account password can be changed.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Minimum password length\",\r\n \"description\": \"Specifies the minimum number of characters that a user account password may contain.\"\r\n },\r\n \"defaultValue\": \"14\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Password must meet complexity requirements\",\r\n \"description\": \"Specifies whether a user account password must be complex. 
If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AuditCredentialValidation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Credential Validation\",\r\n \"description\": \"Specifies whether audit events are generated when credentials are submitted for a user account logon request. This setting is especially useful for monitoring unsuccessful attempts, to find brute-force attacks, account enumeration, and potential account compromise events on domain controllers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success and Failure\"\r\n },\r\n \"AuditProcessTermination\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Process Termination\",\r\n \"description\": \"Specifies whether audit events are generated when a process has exited. 
Recommended for monitoring termination of critical processes.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditGroupMembership\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Group Membership\",\r\n \"description\": \"Specifies whether audit events are generated when group memberships are enumerated on the client computer.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n },\r\n \"AuditDetailedFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Detailed File Share\",\r\n \"description\": \"If this policy setting is enabled, access to all shared files and folders on the system is audited. Auditing for Success can lead to very high volumes of events.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileShare\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File Share\",\r\n \"description\": \"Specifies whether to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks. Event volumes can be high on DCs and File Servers.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit File System\",\r\n \"description\": \"Specifies whether audit events are generated when users attempt to access file system objects. 
Audit events are generated only for objects that have configured system access control lists (SACLs).\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authentication Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"Success\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Authorization Policy Change\",\r\n \"description\": \"Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n \"AuditOtherSystemEvents\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Audit Other System Events\",\r\n \"description\": \"Specifies whether audit events are generated for Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures.\"\r\n },\r\n \"allowedValues\": [\r\n \"No Auditing\",\r\n \"Success\",\r\n \"Failure\",\r\n \"Success and Failure\"\r\n ],\r\n \"defaultValue\": \"No Auditing\"\r\n },\r\n 
\"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may access this computer from the network\",\r\n \"description\": \"Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection.\"\r\n },\r\n \"defaultValue\": \"Administrators, Authenticated Users\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on locally\",\r\n \"description\": \"Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance.\"\r\n },\r\n \"defaultValue\": \"Administrators, Remote Desktop Users\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied access to this computer from the network\",\r\n \"description\": \"Specifies which users or groups are explicitly prohibited from connecting to the computer across the network.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may manage auditing and security log\",\r\n \"description\": \"Specifies users and groups permitted to change the auditing options for files and directories and clear the Security 
log.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may back up files and directories\",\r\n \"description\": \"Specifies users and groups allowed to circumvent file and directory permissions to back up the system.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup Operators\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the system time\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time and date on the internal clock of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may change the time zone\",\r\n \"description\": \"Specifies which users and groups are permitted to change the time zone of the computer.\"\r\n },\r\n \"defaultValue\": \"Administrators, LOCAL SERVICE\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may create a token object\",\r\n \"description\": \"Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data.\"\r\n },\r\n \"defaultValue\": \"No One\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a batch job\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. 
scheduled task).\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied logging on as a service\",\r\n \"description\": \"Specifies which service accounts are explicitly not permitted to register a process as a service.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied local logon\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that are denied log on through Remote Desktop Services\",\r\n \"description\": \"Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client.\"\r\n },\r\n \"defaultValue\": \"Guests\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"User and groups that may force shutdown from a remote system\",\r\n \"description\": \"Specifies which users and groups are permitted to shut down the computer from a remote location on the network.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may restore files and directories\",\r\n \"description\": \"Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.\"\r\n },\r\n \"defaultValue\": \"Administrators, Backup 
Operators\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users and groups that may shut down the system\",\r\n \"description\": \"Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Users or groups that may take ownership of files or other objects\",\r\n \"description\": \"Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.\"\r\n },\r\n \"defaultValue\": \"Administrators\"\r\n },\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Send file samples when further analysis is required\",\r\n \"description\": \"Specifies whether and how Windows Defender will submit samples of suspected malware to Microsoft for further analysis when opt-in for MAPS telemetry is set.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow indexing of encrypted files\",\r\n \"description\": \"Specifies whether encrypted items are allowed to be indexed.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow Telemetry\",\r\n \"description\": \"Specifies configuration of the amount of diagnostic and usage data reported to Microsoft. 
The data is transmitted securely and sensitive data is not sent.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Allow unencrypted traffic\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysInstallWithElevatedPrivileges\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always install with elevated privileges\",\r\n \"description\": \"Specifies whether Windows Installer should use system permissions when it installs any program on the system.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Always prompt for password upon connection\",\r\n \"description\": \"Specifies whether Terminal Services/Remote Desktop Connection always prompts the client computer for a password upon connection.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Application event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Automatically send memory dumps for OS-generated error reports\",\r\n \"description\": \"Specifies if memory dumps in support of OS-generated error reports can be sent to Microsoft automatically.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Default consent\",\r\n \"description\": \"Specifies setting of 
the default consent handling for error reports sent to Microsoft.\"\r\n },\r\n \"defaultValue\": \"4\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Configure Windows SmartScreen\",\r\n \"description\": \"Specifies how to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow Digest authentication\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) client will not use Digest authentication.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Disallow WinRM from storing RunAs credentials\",\r\n \"description\": \"Specifies whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Do not allow passwords to be saved\",\r\n \"description\": \"Specifies whether to prevent Remote Desktop Services - Terminal Services clients from saving passwords on a computer.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Security: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Security event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"196608\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"type\": \"String\",\r\n 
\"metadata\": {\r\n \"displayName\": \"Set client connection encryption level\",\r\n \"description\": \"Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption.\"\r\n },\r\n \"defaultValue\": \"3\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Set the default behavior for AutoRun\",\r\n \"description\": \"Specifies the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Setup: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the Setup event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"System: Specify the maximum log file size (KB)\",\r\n \"description\": \"Specifies the maximum size for the System event log in kilobytes.\"\r\n },\r\n \"defaultValue\": \"32768\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Turn off Data Execution Prevention for Explorer\",\r\n \"description\": \"Specifies whether to turn off Data Execution Prevention for Windows File Explorer. 
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Specify the interval to check for definition updates\",\r\n \"description\": \"Specifies an interval at which to check for Windows Defender definition updates. The time value is represented as the number of hours between update checks.\"\r\n },\r\n \"defaultValue\": \"8\"\r\n },\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. 
The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Domain): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Private): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n 
\"WindowsFirewallPublicUseProfileSettings\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Use profile settings\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Behavior for outbound connections\",\r\n \"description\": \"Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local connection security rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall (Public): Apply local firewall rules\",\r\n \"description\": \"Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall 
(Public): Display notifications\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Domain: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Private: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile.\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Windows Firewall: Public: Allow unicast response\",\r\n \"description\": \"Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8\",\r\n \"parameters\": {\r\n \"EnableInsecureGuestLogons\": {\r\n \"value\": \"[parameters('EnableInsecureGuestLogons')]\"\r\n },\r\n \"AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain\": {\r\n \"value\": \"[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]\"\r\n },\r\n \"TurnOffMulticastNameResolution\": {\r\n \"value\": \"[parameters('TurnOffMulticastNameResolution')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899\",\r\n \"parameters\": {\r\n \"AlwaysUseClassicLogon\": {\r\n \"value\": \"[parameters('AlwaysUseClassicLogon')]\"\r\n },\r\n \"BootStartDriverInitializationPolicy\": {\r\n \"value\": \"[parameters('BootStartDriverInitializationPolicy')]\"\r\n },\r\n \"EnableWindowsNTPClient\": {\r\n \"value\": \"[parameters('EnableWindowsNTPClient')]\"\r\n },\r\n \"TurnOnConveniencePINSignin\": {\r\n \"value\": \"[parameters('TurnOnConveniencePINSignin')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3\",\r\n \"parameters\": {\r\n \"AccountsGuestAccountStatus\": {\r\n \"value\": \"[parameters('AccountsGuestAccountStatus')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3\",\r\n \"parameters\": {\r\n \"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits\": {\r\n \"value\": \"[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsDevices\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897\",\r\n \"parameters\": {\r\n \"DevicesAllowedToFormatAndEjectRemovableMedia\": {\r\n \"value\": \"[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652\",\r\n \"parameters\": {\r\n \"MicrosoftNetworkClientDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers\": {\r\n \"value\": \"[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]\"\r\n },\r\n \"MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]\"\r\n },\r\n \"MicrosoftNetworkServerDigitallySignCommunicationsAlways\": {\r\n \"value\": \"[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]\"\r\n },\r\n \"MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire\": {\r\n \"value\": 
\"[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a\",\r\n \"parameters\": {\r\n \"NetworkAccessRemotelyAccessibleRegistryPaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]\"\r\n },\r\n \"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths\": {\r\n \"value\": \"[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]\"\r\n },\r\n \"NetworkAccessSharesThatCanBeAccessedAnonymously\": {\r\n \"value\": \"[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b\",\r\n \"parameters\": {\r\n \"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos\": {\r\n \"value\": \"[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]\"\r\n },\r\n \"NetworkSecurityLANManagerAuthenticationLevel\": {\r\n \"value\": \"[parameters('NetworkSecurityLANManagerAuthenticationLevel')]\"\r\n },\r\n \"NetworkSecurityLDAPClientSigningRequirements\": {\r\n \"value\": \"[parameters('NetworkSecurityLDAPClientSigningRequirements')]\"\r\n },\r\n \"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients\": {\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]\"\r\n },\r\n 
\"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers\": {\r\n \"value\": \"[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b\",\r\n \"parameters\": {\r\n \"RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders\": {\r\n \"value\": \"[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsShutdown\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da\",\r\n \"parameters\": {\r\n \"ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn\": {\r\n \"value\": \"[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]\"\r\n },\r\n \"ShutdownClearVirtualMemoryPagefile\": {\r\n \"value\": \"[parameters('ShutdownClearVirtualMemoryPagefile')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5\",\r\n \"parameters\": {\r\n \"SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies\": {\r\n \"value\": \"[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecurityOptionsUserAccountControl\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc\",\r\n \"parameters\": {\r\n \"UACAdminApprovalModeForTheBuiltinAdministratorAccount\": {\r\n \"value\": \"[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]\"\r\n },\r\n \"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode\": {\r\n \"value\": \"[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]\"\r\n },\r\n \"UACDetectApplicationInstallationsAndPromptForElevation\": {\r\n \"value\": \"[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]\"\r\n },\r\n \"UACRunAllAdministratorsInAdminApprovalMode\": {\r\n \"value\": \"[parameters('UACRunAllAdministratorsInAdminApprovalMode')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c\",\r\n \"parameters\": {\r\n \"EnforcePasswordHistory\": {\r\n \"value\": \"[parameters('EnforcePasswordHistory')]\"\r\n },\r\n \"MaximumPasswordAge\": {\r\n \"value\": \"[parameters('MaximumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordAge\": {\r\n \"value\": \"[parameters('MinimumPasswordAge')]\"\r\n },\r\n \"MinimumPasswordLength\": {\r\n \"value\": \"[parameters('MinimumPasswordLength')]\"\r\n },\r\n \"PasswordMustMeetComplexityRequirements\": {\r\n \"value\": \"[parameters('PasswordMustMeetComplexityRequirements')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65\",\r\n \"parameters\": {\r\n \"AuditCredentialValidation\": {\r\n \"value\": \"[parameters('AuditCredentialValidation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505\",\r\n \"parameters\": {\r\n \"AuditProcessTermination\": {\r\n \"value\": \"[parameters('AuditProcessTermination')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930\",\r\n \"parameters\": {\r\n \"AuditGroupMembership\": {\r\n \"value\": \"[parameters('AuditGroupMembership')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a\",\r\n \"parameters\": {\r\n \"AuditDetailedFileShare\": {\r\n \"value\": \"[parameters('AuditDetailedFileShare')]\"\r\n },\r\n \"AuditFileShare\": {\r\n \"value\": \"[parameters('AuditFileShare')]\"\r\n },\r\n \"AuditFileSystem\": {\r\n \"value\": \"[parameters('AuditFileSystem')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13\",\r\n \"parameters\": {\r\n \"AuditAuthenticationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthenticationPolicyChange')]\"\r\n },\r\n \"AuditAuthorizationPolicyChange\": {\r\n \"value\": \"[parameters('AuditAuthorizationPolicyChange')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Deploy_AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473\",\r\n \"parameters\": {\r\n \"AuditOtherSystemEvents\": {\r\n \"value\": \"[parameters('AuditOtherSystemEvents')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_UserRightsAssignment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24\",\r\n \"parameters\": {\r\n \"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnLocally\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnLocally')]\"\r\n },\r\n \"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]\"\r\n },\r\n \"UsersOrGroupsThatMayManageAuditingAndSecurityLog\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]\"\r\n },\r\n \"UsersOrGroupsThatMayBackUpFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheSystemTime\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]\"\r\n },\r\n \"UsersOrGroupsThatMayChangeTheTimeZone\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]\"\r\n },\r\n \"UsersOrGroupsThatMayCreateATokenObject\": 
{\r\n \"value\": \"[parameters('UsersOrGroupsThatMayCreateATokenObject')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLoggingOnAsAService\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLocalLogon\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]\"\r\n },\r\n \"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]\"\r\n },\r\n \"UserAndGroupsThatMayForceShutdownFromARemoteSystem\": {\r\n \"value\": \"[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]\"\r\n },\r\n \"UsersAndGroupsThatMayRestoreFilesAndDirectories\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]\"\r\n },\r\n \"UsersAndGroupsThatMayShutDownTheSystem\": {\r\n \"value\": \"[parameters('UsersAndGroupsThatMayShutDownTheSystem')]\"\r\n },\r\n \"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects\": {\r\n \"value\": \"[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_WindowsComponents\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24\",\r\n \"parameters\": {\r\n \"SendFileSamplesWhenFurtherAnalysisIsRequired\": {\r\n \"value\": \"[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]\"\r\n },\r\n \"AllowIndexingOfEncryptedFiles\": {\r\n \"value\": \"[parameters('AllowIndexingOfEncryptedFiles')]\"\r\n },\r\n \"AllowTelemetry\": {\r\n \"value\": \"[parameters('AllowTelemetry')]\"\r\n },\r\n \"AllowUnencryptedTraffic\": {\r\n \"value\": \"[parameters('AllowUnencryptedTraffic')]\"\r\n },\r\n 
\"AlwaysInstallWithElevatedPrivileges\": {\r\n \"value\": \"[parameters('AlwaysInstallWithElevatedPrivileges')]\"\r\n },\r\n \"AlwaysPromptForPasswordUponConnection\": {\r\n \"value\": \"[parameters('AlwaysPromptForPasswordUponConnection')]\"\r\n },\r\n \"ApplicationSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"AutomaticallySendMemoryDumpsForOSgeneratedErrorReports\": {\r\n \"value\": \"[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]\"\r\n },\r\n \"ConfigureDefaultConsent\": {\r\n \"value\": \"[parameters('ConfigureDefaultConsent')]\"\r\n },\r\n \"ConfigureWindowsSmartScreen\": {\r\n \"value\": \"[parameters('ConfigureWindowsSmartScreen')]\"\r\n },\r\n \"DisallowDigestAuthentication\": {\r\n \"value\": \"[parameters('DisallowDigestAuthentication')]\"\r\n },\r\n \"DisallowWinRMFromStoringRunAsCredentials\": {\r\n \"value\": \"[parameters('DisallowWinRMFromStoringRunAsCredentials')]\"\r\n },\r\n \"DoNotAllowPasswordsToBeSaved\": {\r\n \"value\": \"[parameters('DoNotAllowPasswordsToBeSaved')]\"\r\n },\r\n \"SecuritySpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SetClientConnectionEncryptionLevel\": {\r\n \"value\": \"[parameters('SetClientConnectionEncryptionLevel')]\"\r\n },\r\n \"SetTheDefaultBehaviorForAutoRun\": {\r\n \"value\": \"[parameters('SetTheDefaultBehaviorForAutoRun')]\"\r\n },\r\n \"SetupSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"SystemSpecifyTheMaximumLogFileSizeKB\": {\r\n \"value\": \"[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]\"\r\n },\r\n \"TurnOffDataExecutionPreventionForExplorer\": {\r\n \"value\": \"[parameters('TurnOffDataExecutionPreventionForExplorer')]\"\r\n },\r\n \"SpecifyTheIntervalToCheckForDefinitionUpdates\": {\r\n \"value\": 
\"[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9\",\r\n \"parameters\": {\r\n \"WindowsFirewallDomainUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallDomainBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallDomainApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallDomainDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPrivateUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPrivateBehaviorForOutboundConnections\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPrivateApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPrivateDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallPublicUseProfileSettings\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicUseProfileSettings')]\"\r\n },\r\n \"WindowsFirewallPublicBehaviorForOutboundConnections\": 
{\r\n \"value\": \"[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalConnectionSecurityRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]\"\r\n },\r\n \"WindowsFirewallPublicApplyLocalFirewallRules\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]\"\r\n },\r\n \"WindowsFirewallPublicDisplayNotifications\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicDisplayNotifications')]\"\r\n },\r\n \"WindowsFirewallDomainAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallDomainAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPrivateAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPrivateAllowUnicastResponse')]\"\r\n },\r\n \"WindowsFirewallPublicAllowUnicastResponse\": {\r\n \"value\": \"[parameters('WindowsFirewallPublicAllowUnicastResponse')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesControlPanel\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesNetwork\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdministrativeTemplatesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_AdminstrativeTemplatesMSSLegacy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAccounts\",\r\n 
\"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsAudit\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsDevices\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsInteractiveLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkClient\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsNetworkAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsNetworkSecurity\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsRecoveryconsole\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"Audit_AzureBaseline_SecurityOptionsShutdown\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsSystemobjects\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsSystemsettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecurityOptionsUserAccountControl\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SecuritySettingsAccountPolicies\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesAccountLogon\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesAccountManagement\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesLogonLogoff\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesObjectAccess\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesPolicyChange\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesPrivilegeUse\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_SystemAuditPoliciesSystem\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_UserRightsAssignment\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_WindowsComponents\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_AzureBaseline_WindowsFirewallProperties\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d618d658-b2d0-410e-9e2e-bfbfd04d09fa\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d618d658-b2d0-410e-9e2e-bfbfd04d09fa\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that have the 
specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names (supports wildcards)\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0633351-c7b2-41ff-9981-508fc08553c2\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7e56b49b-5990-4159-a734-511ea19b731c\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/d7fff7ea-9d47-4952-b854-b7da261e48f2\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"d7fff7ea-9d47-4952-b854-b7da261e48f2\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit FedRAMP Moderate controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of FedRAMP M controls. 
Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/fedrampm-blueprint.\",\r\n \"metadata\": {\r\n \"category\": \"Regulatory Compliance\"\r\n },\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics Workspace Id that VMs should be configured for\",\r\n \"description\": \"This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for.\"\r\n }\r\n },\r\n \"listOfResourceTypes\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"List of resource types that should have diagnostic logs enabled\"\r\n },\r\n \"allowedValues\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n 
\"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ],\r\n \"defaultValue\": [\r\n \"Microsoft.AnalysisServices/servers\",\r\n \"Microsoft.ApiManagement/service\",\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n \"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n 
\"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"membersToExclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to exclude\",\r\n \"description\": \"A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2\"\r\n }\r\n },\r\n \"membersToInclude\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Members to include\",\r\n \"description\": \"A semicolon-separated list of members that should be included in the Administrators local group. 
Ex: Administrator; myUser1; myUser2\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledOnAccountsWithOwnerPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MFAShouldBeEnabledOnAccountsWithReadPermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MfaShouldBeEnabledAccountsWithWritePermissionsOnYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesOnVirtualMachineScaleSetsShouldBeInstalled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"CorsShouldNotAllowEveryResourceToAccessYourWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithReadPermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ExternalAccountsWithWritePermissionsShouldBeRemovedFromYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"FunctionAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"WebApplicationShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ApiAppShouldOnlyBeAccessibleOverHttps\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentVmImageOsUnlisted\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsAgentDeploymentInVmssVmImageOsUnlisted\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AMaximumOf3OwnersShouldBeDesignatedForYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForFunctionApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForWebApplication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"RemoteDebuggingShouldBeTurnedOffForApiApp\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DDoSProtectionStandardShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewShowAuditResultsFromWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatHaveAccountsWithoutPasswords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditLinuxVMsThatDoNotHaveThePasswdFilePermissionsSetTo0644\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatAllowReUseOfThePrevious24Passwords\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMaximumPasswordAgeOf70Days\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveAMinimumPasswordAgeOf1Day\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotHaveThePasswordComplexitySettingEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployRequirementsToAuditWindowsVMsThatDoNotRestrictTheMinimumPasswordLengthTo14Characters\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewDeployPrerequisitesToAuditWindowsVMsThatDoNotStorePasswordsUsingReversibleEncryption\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"MonitorMissingEndpointProtectionInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"SystemUpdatesShouldBeInstalledOnYourMachines\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesInSecurityConfigurationOnYourMachinesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesOnYourSqlDatabasesShouldBeRemediated\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DiskEncryptionShouldBeAppliedOnVirtualMachines\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VulnerabilitiesShouldBeRemediatedByAVulnerabilityAssessmentSolution\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"AuditDiagnosticSetting\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9\",\r\n \"parameters\": {\r\n \"listOfResourceTypes\": {\r\n \"value\": \"[parameters('listOfResourceTypes')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"OnlySecureConnectionsToYourRedisCacheShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AnAzureActiveDirectoryAdministratorShouldBeProvisionedForSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSecureTransferToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourManagedInstances\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditSqlServerLevelAuditingSettings\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AdvancedDataSecurityShouldBeEnabledOnYourSqlServers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f3b44e5d-1456-475f-9c67-c66c4618e85a\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUnrestrictedNetworkAccessToStorageAccounts\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditUsageOfCustomRBACRules\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AuditVirtualMachinesWithoutDisasterRecoveryConfigured\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": 
\"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupContainsAnyOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba\",\r\n \"parameters\": {\r\n \"membersToExclude\": {\r\n \"value\": \"[parameters('membersToExclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsVMsInWhichTheAdministratorsGroupDoesNotContainAllOfTheSpecifiedMembers\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/93507a81-10a4-4af0-9ee2-34cf25a96e98\",\r\n \"parameters\": {\r\n \"membersToInclude\": {\r\n \"value\": \"[parameters('membersToInclude')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"DeployRequirementsToAuditWindowsWebServersThatAreNotUsingSecureCommunicationProtocols\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"TheNsGsRulesForWebApplicationsOnIaaSShouldBeHardened\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6\",\r\n \"parameters\": {}\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"PreviewAuditLogAnalyticsWorkspaceForVmReportMismatch\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917\",\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceId\": {\r\n \"value\": \"[parameters('logAnalyticsWorkspaceId')]\"\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"e95f5a9f-57ad-4d03-bb0b-b1d16db93693\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Windows VMs that do not have the specified Windows 
PowerShell execution policy\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ExecutionPolicy\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"PowerShell Execution Policy\",\r\n \"description\": \"The expected PowerShell execution policy.\"\r\n },\r\n \"allowedValues\": [\r\n \"AllSigned\",\r\n \"Bypass\",\r\n \"Default\",\r\n \"RemoteSigned\",\r\n \"Restricted\",\r\n \"Undefined\",\r\n \"Unrestricted\"\r\n ]\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_WindowsPowerShellExecutionPolicy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e0efc13a-122a-47c5-b817-2ccfe5d12615\",\r\n \"parameters\": {\r\n \"ExecutionPolicy\": {\r\n \"value\": \"[parameters('ExecutionPolicy')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_WindowsPowerShellExecutionPolicy\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8036bd0-c10b-4931-86bb-94a878add855\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f000289c-47af-4043-87da-91ba9e1a2720\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f000289c-47af-4043-87da-91ba9e1a2720\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit Linux VMs that have the specified applications installed\",\r\n \"policyType\": \"BuiltIn\",\r\n \"description\": \"This initiative deploys the policy requirements and audits Linux virtual machines that have the specified applications installed. 
For more information on Guest Configuration policies, please visit https://aka.ms/gcpol\",\r\n \"metadata\": {\r\n \"category\": \"Guest Configuration\"\r\n },\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Application names\",\r\n \"description\": \"A semicolon-separated list of the names of the applications that should not be installed. e.g. 'python; powershell'\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"Deploy_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/884b209a-963b-4520-8006-d20cb3c213e0\",\r\n \"parameters\": {\r\n \"ApplicationName\": {\r\n \"value\": \"[parameters('ApplicationName')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"Audit_NotInstalledApplicationLinux\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b842acb-0fe7-41b0-9f40-880ec4ad84d8\"\r\n }\r\n ]\r\n },\r\n \"id\": \"/providers/Microsoft.Authorization/policySetDefinitions/f48bcc78-5400-4fb0-b913-5140a2e5fa20\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"f48bcc78-5400-4fb0-b913-5140a2e5fa20\"\r\n },\r\n {\r\n \"properties\": {\r\n \"displayName\": \"Audit tags\",\r\n \"policyType\": \"Custom\",\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"4992437408607186955\",\r\n \"policyDefinitionId\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBePerfTest\"\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"6536226483304969160\",\r\n \"policyDefinitionId\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/audit-tags.shouldBeUnitTest\"\r\n }\r\n ]\r\n },\r\n \"id\": 
\"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policySetDefinitions/audit-tags\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"name\": \"audit-tags\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"name\": \"someName\"\r\n}", + "RequestBody": "{\r\n \"properties\": {\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"name\": \"someName\"\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "DefaultParameterSet" + ], + "CommandName": [ + "New-AzPolicyAssignment" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "85" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:01327afb-1906-4543-b079-294c1485224e" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-correlation-request-id": [ + "a7c3f253-27b6-4b80-8e57-79e6f956f4e8" + ], + "x-ms-routing-request-id": [ + 
"WESTUS:20200109T013532Z:a7c3f253-27b6-4b80-8e57-79e6f956f4e8" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 01:35:31 GMT" + ], + "Content-Length": [ + "217" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"InvalidRequestContent\",\r\n \"message\": \"The request content was invalid and could not be deserialized: 'Required property 'policyDefinitionId' not found in JSON. Path 'properties', line 4, position 3.'.\"\r\n }\r\n}", + "StatusCode": 400 + }, + { + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "PUT", + "RequestBody": "{\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6\",\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"name\": \"someName\"\r\n}", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" ], "ParameterSetName": [ "DefaultParameterSet" @@ -159,16 +226,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus:a9149f19-8669-4cfe-b833-1c871ddc29c7" + "westus:52a782ce-9c0e-48f5-b17a-adb820afec06" ], "x-ms-ratelimit-remaining-subscription-writes": [ - "1195" + "1199" ], "x-ms-correlation-request-id": [ - "10ff0bf4-612f-478b-9ab5-38525d12904b" + "6a718c39-61dc-477d-b6eb-d98d005ad3d9" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223947Z:10ff0bf4-612f-478b-9ab5-38525d12904b" + "WESTUS:20200109T013532Z:6a718c39-61dc-477d-b6eb-d98d005ad3d9" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" 
@@ -177,7 +244,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:39:46 GMT" + "Thu, 09 Jan 2020 01:35:32 GMT" ], "Content-Length": [ "217" @@ -196,14 +263,14 @@ "StatusCode": 400 }, { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"enforcementMode\": \"Default\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"parameters\": {\r\n \"parm1\": {\r\n \"value\": \"a\"\r\n },\r\n \"parm2\": {\r\n \"value\": \"b\"\r\n }\r\n }\r\n },\r\n \"name\": \"someName\"\r\n}", + "RequestBody": "{\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6\",\r\n \"enforcementMode\": \"Default\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"parameters\": {\r\n \"parm1\": {\r\n \"value\": \"a\"\r\n },\r\n \"parm2\": {\r\n \"value\": \"b\"\r\n }\r\n }\r\n },\r\n \"name\": \"someName\"\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterObjectParameterSet" 
@@ -226,16 +293,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus:d7f85eca-ff09-4886-8190-e6deb8b7f4c3" + "westus:4d05a6d0-2412-47ff-8011-f6a2bde4e53e" ], "x-ms-ratelimit-remaining-subscription-writes": [ - "1196" + "1198" ], "x-ms-correlation-request-id": [ - "13ff716b-9734-46c1-af3d-211cbd6ba08d" + "7f6df0e4-9baf-494b-9e7b-e7c8d6917805" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223947Z:13ff716b-9734-46c1-af3d-211cbd6ba08d" + "WESTUS:20200109T013533Z:7f6df0e4-9baf-494b-9e7b-e7c8d6917805" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -244,7 +311,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:39:47 GMT" + "Thu, 09 Jan 2020 01:35:32 GMT" ], "Content-Length": [ "212" 
@@ -263,14 +330,14 @@ "StatusCode": 400 }, { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "PUT", - "RequestBody": "{\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"enforcementMode\": \"Default\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"parameters\": {\r\n \"someKindaParameter\": {\r\n \"value\": [\r\n \"Mmmm\",\r\n \"Doh!\"\r\n ]\r\n }\r\n }\r\n },\r\n \"name\": \"someName\"\r\n}", + "RequestBody": "{\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6\",\r\n \"enforcementMode\": \"Default\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945\",\r\n \"parameters\": {\r\n \"someKindaParameter\": {\r\n \"value\": [\r\n \"Mmmm\",\r\n \"Doh!\"\r\n ]\r\n }\r\n }\r\n },\r\n \"name\": \"someName\"\r\n}", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterStringParameterSet" 
@@ -293,16 +360,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus:8521198c-c815-460f-9409-0a67e9402280" + "westus:2a070578-ae06-46c1-a943-3877356a12d1" ], "x-ms-ratelimit-remaining-subscription-writes": [ - "1198" + "1199" ], "x-ms-correlation-request-id": [ - "1be8ef94-a179-4473-aaa6-e475fb099bdc" + "313ec754-af60-4778-b4e3-c25310a295a7" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223948Z:1be8ef94-a179-4473-aaa6-e475fb099bdc" + "WESTUS:20200109T013534Z:313ec754-af60-4778-b4e3-c25310a295a7" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -311,7 +378,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:39:47 GMT" + "Thu, 09 Jan 2020 01:35:33 GMT" ], "Content-Length": [ "219" @@ -337,7 +404,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "DefaultParameterSet" @@ -363,13 +430,13 @@ "gateway" ], "x-ms-request-id": [ - "aced08bb-bd5c-4151-a592-decc6c8e70f4" + "bbc7fd7e-1410-48b2-82b4-268fbeb0e1d9" ], "x-ms-correlation-request-id": [ - "aced08bb-bd5c-4151-a592-decc6c8e70f4" + "bbc7fd7e-1410-48b2-82b4-268fbeb0e1d9" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223947Z:aced08bb-bd5c-4151-a592-decc6c8e70f4" + "WESTUS:20200109T013533Z:bbc7fd7e-1410-48b2-82b4-268fbeb0e1d9" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -378,7 +445,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:39:47 GMT" + "Thu, 09 Jan 2020 01:35:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -404,7 +471,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicySetParameterObjectParameterSet" 
@@ -430,13 +497,13 @@ "gateway" ], "x-ms-request-id": [ - "658fa801-7e7f-4675-a8de-4998bf81f40d" + "a98a0156-69fe-49b9-8596-d6d38671af91" ], "x-ms-correlation-request-id": [ - "658fa801-7e7f-4675-a8de-4998bf81f40d" + "a98a0156-69fe-49b9-8596-d6d38671af91" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223948Z:658fa801-7e7f-4675-a8de-4998bf81f40d" + "WESTUS:20200109T013534Z:a98a0156-69fe-49b9-8596-d6d38671af91" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -445,7 +512,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:39:47 GMT" + "Thu, 09 Jan 2020 01:35:33 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -466,6 +533,6 @@ ], "Names": {}, "Variables": { - "SubscriptionId": "f67cc918-f64f-4c3f-aa24-a855465f9d41" + "SubscriptionId": "40d77f8e-5982-4e7e-bafa-b7cd23b123e6" } } \ No newline at end of file diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestRemovePolicyAssignmentParameters.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestRemovePolicyAssignmentParameters.json index 142bd90fc70f..df3b6369f981 100644 --- a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestRemovePolicyAssignmentParameters.json +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestRemovePolicyAssignmentParameters.json 
@@ -1,14 +1,14 @@ { "Entries": [ { - "RequestUri": "/Subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyassignments?$filter=atScope()&api-version=2019-09-01", - "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cz8kZmlsdGVyPWF0U2NvcGUoKSZhcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments?$filter=atScope()&api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cz8kZmlsdGVyPWF0U2NvcGUoKSZhcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "DefaultParameterSet" @@ -28,16 +28,16 @@ "Accept-Encoding" ], "x-ms-request-id": [ - "westus:ba14ce78-c667-4824-9981-3f63ceb64902" + "westus:285e7e88-7f0d-4d42-a180-d28a54d3d83e" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11992" + "11999" ], "x-ms-correlation-request-id": [ - "ca742b8f-3471-4784-98ad-f00b2d814942" + "d873920d-76bf-4b4a-b5b7-14fe754e6613" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223608Z:ca742b8f-3471-4784-98ad-f00b2d814942" + "WESTUS:20200109T013116Z:d873920d-76bf-4b4a-b5b7-14fe754e6613" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -46,10 +46,10 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:36:08 GMT" + "Thu, 09 Jan 2020 01:31:15 GMT" ], "Content-Length": [ - "10632" + "4821" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,18 +61,18 @@ "0" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Test Modify initiative\",\r\n \"policyDefinitionId\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policySetDefinitions/55afae72-7df0-417b-9eb7-f756576c854a\",\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"notScopes\": [],\r\n \"parameters\": {},\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Robert Gao\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"0dc80135-ae53-4da3-8695-220a2d93aad8\",\r\n \"createdOn\": \"2019-08-29T00:36:56.3908822Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"updatedOn\": \"2019-11-11T22:00:41.5492656Z\"\r\n },\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"48036e81-a2af-4e6c-9624-4908615cc36d\",\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/3cf2c941d7b2418ca7b860e2\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"3cf2c941d7b2418ca7b860e2\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"chegg replace tag RG\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d157c373-a6c4-483d-aaad-570756956268\",\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"notScopes\": [],\r\n \"parameters\": {\r\n \"tagName\": {\r\n \"value\": \"cheggReplaced\"\r\n },\r\n \"tagValue\": {\r\n \"value\": \"true_112019_246PM\"\r\n }\r\n },\r\n \"description\": \"\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n 
\"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-06T23:26:56.0841235Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"updatedOn\": \"2019-11-20T22:46:27.8117346Z\"\r\n },\r\n \"enforcementMode\": \"DoNotEnforce\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"9f6b0b38-d4b1-43d7-9ec8-4905306fe6fa\",\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/98a7c096f5154b8eadd36f8c\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"98a7c096f5154b8eadd36f8c\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[Preview]: Audit NIST SP 800-53 R4 controls and deploy specific VM Extensions to support audit requirements\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f\",\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"notScopes\": [],\r\n \"parameters\": {\r\n \"logAnalyticsWorkspaceIdforVMReporting\": {\r\n \"value\": \"fasdff\"\r\n },\r\n \"listOfResourceTypesWithDiagnosticLogsEnabled\": {\r\n \"value\": [\r\n \"Microsoft.Network/applicationGateways\",\r\n \"Microsoft.Automation/automationAccounts\",\r\n \"Microsoft.ContainerInstance/containerGroups\",\r\n \"Microsoft.ContainerRegistry/registries\",\r\n \"Microsoft.ContainerService/managedClusters\",\r\n \"Microsoft.Batch/batchAccounts\",\r\n \"Microsoft.Cdn/profiles/endpoints\",\r\n \"Microsoft.CognitiveServices/accounts\",\r\n \"Microsoft.DocumentDB/databaseAccounts\",\r\n \"Microsoft.DataFactory/factories\",\r\n \"Microsoft.DataLakeAnalytics/accounts\",\r\n \"Microsoft.DataLakeStore/accounts\",\r\n \"Microsoft.EventGrid/eventSubscriptions\",\r\n 
\"Microsoft.EventGrid/topics\",\r\n \"Microsoft.EventHub/namespaces\",\r\n \"Microsoft.Network/expressRouteCircuits\",\r\n \"Microsoft.Network/azureFirewalls\",\r\n \"Microsoft.HDInsight/clusters\",\r\n \"Microsoft.Devices/IotHubs\",\r\n \"Microsoft.KeyVault/vaults\",\r\n \"Microsoft.Network/loadBalancers\",\r\n \"Microsoft.Logic/integrationAccounts\",\r\n \"Microsoft.Logic/workflows\",\r\n \"Microsoft.DBforMySQL/servers\",\r\n \"Microsoft.Network/networkInterfaces\",\r\n \"Microsoft.Network/networkSecurityGroups\",\r\n \"Microsoft.DBforPostgreSQL/servers\",\r\n \"Microsoft.PowerBIDedicated/capacities\",\r\n \"Microsoft.Network/publicIPAddresses\",\r\n \"Microsoft.RecoveryServices/vaults\",\r\n \"Microsoft.Cache/redis\",\r\n \"Microsoft.Relay/namespaces\",\r\n \"Microsoft.Search/searchServices\",\r\n \"Microsoft.ServiceBus/namespaces\",\r\n \"Microsoft.SignalRService/SignalR\",\r\n \"Microsoft.Sql/servers/databases\",\r\n \"Microsoft.Sql/servers/elasticPools\",\r\n \"Microsoft.StreamAnalytics/streamingjobs\",\r\n \"Microsoft.TimeSeriesInsights/environments\",\r\n \"Microsoft.Network/trafficManagerProfiles\",\r\n \"Microsoft.Compute/virtualMachines\",\r\n \"Microsoft.Compute/virtualMachineScaleSets\",\r\n \"Microsoft.Network/virtualNetworks\",\r\n \"Microsoft.Network/virtualNetworkGateways\"\r\n ]\r\n },\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": {\r\n \"value\": \"cheggert\"\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": {\r\n \"value\": \"rohitbh\"\r\n }\r\n },\r\n \"description\": \"This initiative includes audit and VM Extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. 
For more information, please visit https://aka.ms/nist80053-blueprint.\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-20T22:11:26.047177Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"updatedOn\": \"2019-11-22T04:20:25.4141918Z\"\r\n },\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"c7519ca7-0d79-4b0f-af0b-0a4cfe3402d0\",\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/d17bc2764dae4ec1be07d178\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"d17bc2764dae4ec1be07d178\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"rohitbh: Key vault access policy (Always give Joel access)\",\r\n \"policyDefinitionId\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyDefinitions/3863c624-094c-480d-bc42-74970b55e5e1\",\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"notScopes\": [],\r\n \"parameters\": {\r\n \"userObjectId\": {\r\n \"value\": \"644c17f7-2b49-4549-a67f-bcc0448cd850\"\r\n }\r\n },\r\n \"description\": \"Assignment description\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Rohit Bhardwaj\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"22ac4b8c-9194-4feb-b6c6-0e7a995fca2e\",\r\n \"createdOn\": \"2019-03-26T00:12:03.5422031Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"updatedOn\": \"2019-11-12T22:23:50.9933459Z\"\r\n },\r\n \"enforcementMode\": \"DoNotEnforce\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"f12ee62c-35e6-45ec-b44b-13587ca23514\",\r\n \"tenantId\": 
\"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/ebccc544c4dd43d29c937f0c\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"ebccc544c4dd43d29c937f0c\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"chegg: Replace tag without becoming compliant\",\r\n \"policyDefinitionId\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyDefinitions/270f0d11-af30-4c15-95f7-28ba884518f0\",\r\n \"scope\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"notScopes\": [],\r\n \"parameters\": {},\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-21T00:28:49.7568462Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"enforcementMode\": \"DoNotEnforce\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"8b9d526a-9e43-4d1b-8bfe-cfe4d90f3b58\",\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/ee5909f9ee3f4c12bbed6efc\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"ee5909f9ee3f4c12bbed6efc\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Empty deployment on each KeyVault resource (SUB)\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf\",\r\n \"scope\": 
\"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41\",\r\n \"notScopes\": [],\r\n \"parameters\": {},\r\n \"description\": \"Deploys an empty deployment (with one output) on each KeyVault vault. Used for some PolicyInsights SDK tests.\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-21T17:43:53.4694168Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"updatedOn\": \"2019-11-21T17:44:38.1610927Z\"\r\n },\r\n \"enforcementMode\": \"DoNotEnforce\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"dfd2385a-7700-420f-b164-bd9ffb52285b\",\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/fcddeb6113ec43798567dce2\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"fcddeb6113ec43798567dce2\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Empty deployment on each KeyVault resource (MG)\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf\",\r\n \"scope\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest\",\r\n \"notScopes\": [],\r\n \"parameters\": {},\r\n \"description\": \"Deploys an empty deployment (with one output) on each KeyVault vault. 
Used for some PolicyInsights SDK tests.\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-21T17:44:17.3643721Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"enforcementMode\": \"DoNotEnforce\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"067c1aa0-c425-4ad5-80fe-41d4639b1d42\",\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"d80d743b97874fd3bfd1d539\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Audit tag at MG\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106\",\r\n \"scope\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest\",\r\n \"notScopes\": [\r\n \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322\"\r\n ],\r\n \"parameters\": {},\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"327c26bf-bf3e-4128-9b75-fbbd99e98739\",\r\n \"createdOn\": \"2019-09-19T21:02:48.2629834Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"updatedOn\": \"2019-10-01T17:50:28.4254014Z\"\r\n },\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"ef26e8bbc3da423ebf7fcb80\"\r\n }\r\n ]\r\n}", + 
"ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"TagNameCaseTest\",\r\n \"policyDefinitionId\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyDefinitions/4ece3251-c015-4e6b-bad7-431cad00a3f6\",\r\n \"scope\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6\",\r\n \"notScopes\": [],\r\n \"parameters\": {},\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Stackhouse\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"createdOn\": \"2019-08-21T19:16:07.4077018Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyAssignments/51df62459187464395b9eb9f\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"51df62459187464395b9eb9f\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A1\",\r\n \"tier\": \"Standard\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"ASC Default (subscription: 40d77f8e-5982-4e7e-bafa-b7cd23b123e6)\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8\",\r\n \"scope\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6\",\r\n \"parameters\": {},\r\n \"description\": \"This is the default set of policies monitored by Azure Security Center. It was automatically assigned as part of onboarding to Security Center. The default assignment contains only audit policies. 
For more information please visit https://aka.ms/ascpolicies\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Security Center\",\r\n \"createdBy\": \"6878917f-bc1d-4e4e-bb24-12924205b215\",\r\n \"createdOn\": \"2019-02-20T19:08:35.3089897Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"SecurityCenterBuiltIn\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Repro scenario for Github Issue 9747\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78\",\r\n \"scope\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6\",\r\n \"notScopes\": [\r\n \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/resourceGroups/cloud-shell-storage-westus\",\r\n \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/resourceGroups/NetworkWatcherRG\"\r\n ],\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"Audit\"\r\n }\r\n },\r\n \"metadata\": {\r\n \"createdBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"createdOn\": \"2019-12-06T20:12:38.0922122Z\",\r\n \"updatedBy\": \"3d826307-2481-45a0-a271-bcf9333f914a\",\r\n \"updatedOn\": \"2019-12-06T20:14:56.5017462Z\"\r\n },\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"id\": \"/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyAssignments/TestGithub9747\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"TestGithub9747\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Empty deployment on each KeyVault resource (MG)\",\r\n \"policyDefinitionId\": 
\"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/78a38c70-5549-49bd-8a16-fe3619e5d2cf\",\r\n \"scope\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest\",\r\n \"notScopes\": [],\r\n \"parameters\": {},\r\n \"description\": \"Deploys an empty deployment (with one output) on each KeyVault vault. Used for some PolicyInsights SDK tests.\",\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n \"createdOn\": \"2019-11-21T17:44:17.3643721Z\",\r\n \"updatedBy\": null,\r\n \"updatedOn\": null\r\n },\r\n \"enforcementMode\": \"DoNotEnforce\"\r\n },\r\n \"identity\": {\r\n \"principalId\": \"067c1aa0-c425-4ad5-80fe-41d4639b1d42\",\r\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\",\r\n \"type\": \"SystemAssigned\"\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/d80d743b97874fd3bfd1d539\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"d80d743b97874fd3bfd1d539\",\r\n \"location\": \"eastus\"\r\n },\r\n {\r\n \"sku\": {\r\n \"name\": \"A0\",\r\n \"tier\": \"Free\"\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Audit tag at MG\",\r\n \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyDefinitions/03ae6c12-b46a-43f1-9f3d-c20620473106\",\r\n \"scope\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest\",\r\n \"notScopes\": [\r\n \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322\"\r\n ],\r\n \"parameters\": {},\r\n \"metadata\": {\r\n \"assignedBy\": \"Chris Eggert\",\r\n \"parameterScopes\": {},\r\n \"createdBy\": \"327c26bf-bf3e-4128-9b75-fbbd99e98739\",\r\n \"createdOn\": \"2019-09-19T21:02:48.2629834Z\",\r\n \"updatedBy\": \"36e2f355-d2e2-4fbc-88ab-4281639dff94\",\r\n 
\"updatedOn\": \"2019-10-01T17:50:28.4254014Z\"\r\n },\r\n \"enforcementMode\": \"Default\"\r\n },\r\n \"id\": \"/providers/Microsoft.Management/managementGroups/AzGovPerfTest/providers/Microsoft.Authorization/policyAssignments/ef26e8bbc3da423ebf7fcb80\",\r\n \"type\": \"Microsoft.Authorization/policyAssignments\",\r\n \"name\": \"ef26e8bbc3da423ebf7fcb80\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "DELETE", "RequestBody": "", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -89,16 +89,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus:774d3af9-82fc-48fe-bc3a-62ff16916bb1" + "westus:8c06cdcb-f1c2-44b3-9e67-4d0ac29c77d6" ], "x-ms-ratelimit-remaining-subscription-deletes": [ "14999" ], "x-ms-correlation-request-id": [ - "69263b62-2ac0-4e7e-8025-6626189f6974" + "d72246f3-f4c7-41d1-b11b-246bfbaa341c" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223609Z:69263b62-2ac0-4e7e-8025-6626189f6974" + "WESTUS:20200109T013117Z:d72246f3-f4c7-41d1-b11b-246bfbaa341c" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" 
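Review bot: The re-recorded `ResponseBody` of the `$filter=atScope()` GET in this hunk commits live directory data, not just test fixtures: `assignedBy` display names, `createdBy`/`updatedBy` object ids, an `identity` block with `principalId` and `tenantId`, and resource-group names under `notScopes`. None of these assignments is the `someName` assignment that the DELETE entries of this recording act on, so the test presumably does not need their real values; confirm against the test script. Scrub the recording before check-in, or record against a subscription that holds only test-created assignments, for example `"assignedBy": "Sanitized"` and `"tenantId": "00000000-0000-0000-0000-000000000000"` (constructed placeholder values). The same kind of data appears on the removed side of this hunk, so it stays in repository history regardless. A sanitising step in the recorder would prevent it from being re-captured on the next re-record.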
@@ -107,7 +107,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:36:08 GMT" + "Thu, 09 Jan 2020 01:31:16 GMT" ], "Expires": [ "-1" 
@@ -120,14 +120,69 @@ "StatusCode": 204 }, { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/someName?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lBc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "DELETE", "RequestBody": "", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Remove-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:b348f7b2-a8de-492b-8377-c059f4024aaf" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14999" + ], + "x-ms-correlation-request-id": [ + "ae99e66a-1027-45f4-b5cb-38d229cbc8d3" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T013117Z:ae99e66a-1027-45f4-b5cb-38d229cbc8d3" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 01:31:16 GMT" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 204 + }, + { + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyAssignments/someName?api-version=2019-09-01", + "EncodedRequestUri": 
"L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lBc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "DELETE", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -144,16 +199,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus:60833477-76c8-407d-ba8e-1ae4fc568530" + "westus:5392143a-2bdb-42b3-9d1d-1a6868ce7b9f" ], "x-ms-ratelimit-remaining-subscription-deletes": [ "14999" ], "x-ms-correlation-request-id": [ - "b8f5186f-9525-45c8-80c9-ee887147ae24" + "43cf7dec-d5ef-4398-bddd-1f7d22ff3967" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T223609Z:b8f5186f-9525-45c8-80c9-ee887147ae24" + "WESTUS:20200109T013117Z:43cf7dec-d5ef-4398-bddd-1f7d22ff3967" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -162,7 +217,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:36:09 GMT" + "Thu, 09 Jan 2020 01:31:17 GMT" ], "Expires": [ "-1" @@ -177,6 +232,6 @@ ], "Names": {}, "Variables": { - "SubscriptionId": "f67cc918-f64f-4c3f-aa24-a855465f9d41" + "SubscriptionId": "40d77f8e-5982-4e7e-bafa-b7cd23b123e6" } } \ No newline at end of file diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestSetPolicyAssignmentParameters.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestSetPolicyAssignmentParameters.json index 78ce1851796e..ffb63d444946 100644 --- a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestSetPolicyAssignmentParameters.json +++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests/TestSetPolicyAssignmentParameters.json 
@@ -1,14 +1,14 @@ { "Entries": [ { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -25,16 +25,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus:f4778a7f-cb70-49ec-9365-cf41515f678c" + "westus:46220da2-804c-4343-8cd1-845f1bee7248" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11993" + "11999" ], "x-ms-correlation-request-id": [ - "3904fca0-4a12-4c30-a960-a9195a637ba1" + "178262b8-7c07-4c55-9b98-c9fc142e818a" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224227Z:3904fca0-4a12-4c30-a960-a9195a637ba1" + "WESTUS:20200109T021024Z:178262b8-7c07-4c55-9b98-c9fc142e818a" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" 
@@ -43,7 +43,556 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:27 GMT" + "Thu, 09 Jan 2020 02:10:24 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:223e6789-4519-40a7-9e95-709e3e2a1e9b" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "3a187a7c-675f-4449-ab9a-69f77306c992" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021025Z:3a187a7c-675f-4449-ab9a-69f77306c992" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:24 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + 
"StatusCode": 404 + }, + { + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:1b0dc08d-1705-4ce7-9947-c9fa21da71c8" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "44aacf61-939a-4ecc-a336-e850655f4292" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021025Z:44aacf61-939a-4ecc-a336-e850655f4292" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:24 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + 
"RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:a2f667e5-5cc4-4e36-9337-6d042f6c9430" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "d109adcb-fc8d-438b-8879-bb3ff25265c5" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021025Z:d109adcb-fc8d-438b-8879-bb3ff25265c5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:25 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:6bc57f25-4020-4238-ad9d-746d89253163" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + 
"x-ms-correlation-request-id": [ + "af27a48c-98e3-4662-b6bc-e723ab94007d" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021025Z:af27a48c-98e3-4662-b6bc-e723ab94007d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:25 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "PolicyParameterNameObjectParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:c063b1c3-243e-4a8d-9266-9425230dd8f5" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "af26e607-a287-478e-bec1-5a7f1ec60d68" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021026Z:af26e607-a287-478e-bec1-5a7f1ec60d68" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:25 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + 
"application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "PolicyParameterNameStringParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:793148c8-4775-4014-9a4f-9b00f59d3fcc" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "cce5369a-56fc-48f2-9f8a-7d09b48bcd8d" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021026Z:cce5369a-56fc-48f2-9f8a-7d09b48bcd8d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:25 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": 
"/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:1fe70e9d-781f-43ec-976e-9ef6aee676f6" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + "3a522db7-f26f-47d0-85f2-6dd45a34e109" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021026Z:3a522db7-f26f-47d0-85f2-6dd45a34e109" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:25 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/Subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L1N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + 
"AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:d79ff787-640b-4664-98a3-b4598146a0f5" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-correlation-request-id": [ + "5f36d013-c749-46d1-9bef-549c5c53208a" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021026Z:5f36d013-c749-46d1-9bef-549c5c53208a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:25 GMT" + ], + "Content-Length": [ + "104" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ], + "Retry-After": [ + "0" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"PolicyAssignmentNotFound\",\r\n \"message\": \"The policy assignment 'someName' is not found.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyassignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "User-Agent": [ + "AzurePowershell/v1.0.0", + "PSVersion/v6.1.0" + ], + "ParameterSetName": [ + "NameParameterSet" + ], + "CommandName": [ + "Set-AzPolicyAssignment" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-request-id": [ + "westus:9a54fa5e-2e34-4e18-beba-b83891589673" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-correlation-request-id": [ + 
"3ed05148-27e9-4103-834c-951e66835474" + ], + "x-ms-routing-request-id": [ + "WESTUS:20200109T021025Z:3ed05148-27e9-4103-834c-951e66835474" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Thu, 09 Jan 2020 02:10:24 GMT" ], "Content-Length": [ "104" @@ -69,7 +618,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -89,13 +638,13 @@ "gateway" ], "x-ms-request-id": [ - "63842dd7-34d1-4d32-950c-045177e4909c" + "87e9bf1f-d7ef-4762-ad14-211f240b301a" ], "x-ms-correlation-request-id": [ - "63842dd7-34d1-4d32-950c-045177e4909c" + "87e9bf1f-d7ef-4762-ad14-211f240b301a" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:63842dd7-34d1-4d32-950c-045177e4909c" + "WESTUS:20200109T021026Z:87e9bf1f-d7ef-4762-ad14-211f240b301a" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -104,7 +653,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:27 GMT" + "Thu, 09 Jan 2020 02:10:26 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -130,7 +679,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -150,13 +699,13 @@ "gateway" ], "x-ms-request-id": [ - "25295a0f-5bdd-4903-b0ed-f1951fde8033" + "219dc6a4-4973-4258-ab99-529a38134d51" ], "x-ms-correlation-request-id": [ - "25295a0f-5bdd-4903-b0ed-f1951fde8033" + "219dc6a4-4973-4258-ab99-529a38134d51" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:25295a0f-5bdd-4903-b0ed-f1951fde8033" + "WESTUS:20200109T021026Z:219dc6a4-4973-4258-ab99-529a38134d51" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -165,7 +714,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:28 GMT" + "Thu, 09 Jan 2020 02:10:26 GMT" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -191,7 +740,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -211,13 +760,13 @@ "gateway" ], "x-ms-request-id": [ - "91fe022c-5005-4b22-b78e-478015719867" + "68e38b92-5559-44b3-933b-0fcbc56a302c" ], "x-ms-correlation-request-id": [ - "91fe022c-5005-4b22-b78e-478015719867" + "68e38b92-5559-44b3-933b-0fcbc56a302c" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:91fe022c-5005-4b22-b78e-478015719867" + "WESTUS:20200109T021026Z:68e38b92-5559-44b3-933b-0fcbc56a302c" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -226,7 +775,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:27 GMT" + "Thu, 09 Jan 2020 02:10:26 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -252,7 +801,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -272,13 +821,13 @@ "gateway" ], "x-ms-request-id": [ - "9917f38f-564d-4ac3-a034-3469fbb2e810" + "22a4d0f7-b452-4f52-9c86-7179c23e5fbf" ], "x-ms-correlation-request-id": [ - "9917f38f-564d-4ac3-a034-3469fbb2e810" + "22a4d0f7-b452-4f52-9c86-7179c23e5fbf" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:9917f38f-564d-4ac3-a034-3469fbb2e810" + "WESTUS:20200109T021027Z:22a4d0f7-b452-4f52-9c86-7179c23e5fbf" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -287,7 +836,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:28 GMT" + "Thu, 09 Jan 2020 02:10:26 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -313,7 +862,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" 
@@ -333,13 +882,13 @@ "gateway" ], "x-ms-request-id": [ - "22defb56-97a3-4d5c-8cf4-503598a37ae3" + "a992e88d-c76a-4120-8ec8-a67d79c69064" ], "x-ms-correlation-request-id": [ - "22defb56-97a3-4d5c-8cf4-503598a37ae3" + "a992e88d-c76a-4120-8ec8-a67d79c69064" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:22defb56-97a3-4d5c-8cf4-503598a37ae3" + "WESTUS:20200109T021027Z:a992e88d-c76a-4120-8ec8-a67d79c69064" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -348,7 +897,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:27 GMT" + "Thu, 09 Jan 2020 02:10:26 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -374,7 +923,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameStringParameterSet" @@ -394,13 +943,13 @@ "gateway" ], "x-ms-request-id": [ - "0befde42-db7b-4850-8ced-913f44fdd95b" + "b3a773a4-ff0d-4d83-93ab-901c7ae4d6aa" ], "x-ms-correlation-request-id": [ - "0befde42-db7b-4850-8ced-913f44fdd95b" + "b3a773a4-ff0d-4d83-93ab-901c7ae4d6aa" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:0befde42-db7b-4850-8ced-913f44fdd95b" + "WESTUS:20200109T021027Z:b3a773a4-ff0d-4d83-93ab-901c7ae4d6aa" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -409,7 +958,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:27 GMT" + "Thu, 09 Jan 2020 02:10:26 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -435,7 +984,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -455,13 +1004,13 @@ "gateway" ], "x-ms-request-id": [ - "9b2de43b-3b4d-4dbc-9981-65d4d79e9630" + "caa0d39a-83af-4cce-9615-d68207b003bc" ], "x-ms-correlation-request-id": [ - "9b2de43b-3b4d-4dbc-9981-65d4d79e9630" + "caa0d39a-83af-4cce-9615-d68207b003bc" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:9b2de43b-3b4d-4dbc-9981-65d4d79e9630" + "WESTUS:20200109T021027Z:caa0d39a-83af-4cce-9615-d68207b003bc" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -470,7 +1019,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:28 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -496,7 +1045,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -516,13 +1065,13 @@ "gateway" ], "x-ms-request-id": [ - "38a0bed6-48f6-4145-a322-c96eaa7dea28" + "d4bdbbd9-4b50-48e3-80ad-70f776d6a17c" ], "x-ms-correlation-request-id": [ - "38a0bed6-48f6-4145-a322-c96eaa7dea28" + "d4bdbbd9-4b50-48e3-80ad-70f776d6a17c" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224228Z:38a0bed6-48f6-4145-a322-c96eaa7dea28" + "WESTUS:20200109T021027Z:d4bdbbd9-4b50-48e3-80ad-70f776d6a17c" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -531,7 +1080,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:28 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -557,7 +1106,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -577,13 +1126,13 @@ "gateway" ], "x-ms-request-id": [ - "73e3865e-ee33-4c89-89a5-07a27b5da142" + "44c3dd5b-3402-442b-8854-49fe07ad258b" ], "x-ms-correlation-request-id": [ - "73e3865e-ee33-4c89-89a5-07a27b5da142" + "44c3dd5b-3402-442b-8854-49fe07ad258b" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:73e3865e-ee33-4c89-89a5-07a27b5da142" + "WESTUS:20200109T021027Z:44c3dd5b-3402-442b-8854-49fe07ad258b" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -592,7 +1141,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:28 GMT" + "Thu, 09 Jan 2020 02:10:26 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -618,7 +1167,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -638,13 +1187,13 @@ "gateway" ], "x-ms-request-id": [ - "343cac60-9255-4613-b880-d47edde11ac6" + "825eae12-fc01-4e79-96e4-cdc202955acc" ], "x-ms-correlation-request-id": [ - "343cac60-9255-4613-b880-d47edde11ac6" + "825eae12-fc01-4e79-96e4-cdc202955acc" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:343cac60-9255-4613-b880-d47edde11ac6" + "WESTUS:20200109T021027Z:825eae12-fc01-4e79-96e4-cdc202955acc" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -653,7 +1202,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:28 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -679,7 +1228,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -699,13 +1248,13 @@ "gateway" ], "x-ms-request-id": [ - "c9658956-5461-4ce7-bbd9-fbc53b097e17" + "9492fa2b-bccf-4a60-ae41-27385a0dbb76" ], "x-ms-correlation-request-id": [ - "c9658956-5461-4ce7-bbd9-fbc53b097e17" + "9492fa2b-bccf-4a60-ae41-27385a0dbb76" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:c9658956-5461-4ce7-bbd9-fbc53b097e17" + "WESTUS:20200109T021027Z:9492fa2b-bccf-4a60-ae41-27385a0dbb76" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -714,7 +1263,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:28 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -740,7 +1289,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" @@ -760,13 +1309,13 @@ "gateway" ], "x-ms-request-id": [ - "8714e904-df59-4c5e-a9cb-6233b762c522" + "c2354863-944c-4af3-932d-0e6fde7b5ea2" ], "x-ms-correlation-request-id": [ - "8714e904-df59-4c5e-a9cb-6233b762c522" + "c2354863-944c-4af3-932d-0e6fde7b5ea2" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:8714e904-df59-4c5e-a9cb-6233b762c522" + "WESTUS:20200109T021028Z:c2354863-944c-4af3-932d-0e6fde7b5ea2" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -775,7 +1324,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -801,7 +1350,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameStringParameterSet" 
@@ -821,13 +1370,13 @@ "gateway" ], "x-ms-request-id": [ - "534f51a8-8676-4dc3-8287-0f82483aedcd" + "dcb6f971-c8d2-4381-9b10-caf3320917ce" ], "x-ms-correlation-request-id": [ - "534f51a8-8676-4dc3-8287-0f82483aedcd" + "dcb6f971-c8d2-4381-9b10-caf3320917ce" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:534f51a8-8676-4dc3-8287-0f82483aedcd" + "WESTUS:20200109T021028Z:dcb6f971-c8d2-4381-9b10-caf3320917ce" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -836,7 +1385,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -862,7 +1411,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -882,13 +1431,13 @@ "gateway" ], "x-ms-request-id": [ - "81be6e77-5eb8-44ee-8d7f-cf130bf9f97c" + "b2e320c1-8c1e-42f3-b0f2-0b7424e2aa59" ], "x-ms-correlation-request-id": [ - "81be6e77-5eb8-44ee-8d7f-cf130bf9f97c" + "b2e320c1-8c1e-42f3-b0f2-0b7424e2aa59" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:81be6e77-5eb8-44ee-8d7f-cf130bf9f97c" + "WESTUS:20200109T021028Z:b2e320c1-8c1e-42f3-b0f2-0b7424e2aa59" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -897,7 +1446,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -923,7 +1472,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -943,13 +1492,13 @@ "gateway" ], "x-ms-request-id": [ - "40f0998d-1eb3-4db2-ae83-9e1bf6f084c5" + "434ac82b-0c85-4361-b3de-55b7e785516f" ], "x-ms-correlation-request-id": [ - "40f0998d-1eb3-4db2-ae83-9e1bf6f084c5" + "434ac82b-0c85-4361-b3de-55b7e785516f" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:40f0998d-1eb3-4db2-ae83-9e1bf6f084c5" + "WESTUS:20200109T021028Z:434ac82b-0c85-4361-b3de-55b7e785516f" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -958,7 +1507,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -984,7 +1533,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -1004,13 +1553,13 @@ "gateway" ], "x-ms-request-id": [ - "fda0bc6f-d46d-4008-9965-b470b7d6f88d" + "95d379c0-517b-40ba-9a75-7071630d3a44" ], "x-ms-correlation-request-id": [ - "fda0bc6f-d46d-4008-9965-b470b7d6f88d" + "95d379c0-517b-40ba-9a75-7071630d3a44" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224229Z:fda0bc6f-d46d-4008-9965-b470b7d6f88d" + "WESTUS:20200109T021028Z:95d379c0-517b-40ba-9a75-7071630d3a44" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1019,7 +1568,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1045,7 +1594,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -1065,13 +1614,13 @@ "gateway" ], "x-ms-request-id": [ - "a58e475b-4a29-45ec-a18b-e758219837c3" + "ac28eb09-907a-49bf-975e-57a8d424f1b1" ], "x-ms-correlation-request-id": [ - "a58e475b-4a29-45ec-a18b-e758219837c3" + "ac28eb09-907a-49bf-975e-57a8d424f1b1" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224230Z:a58e475b-4a29-45ec-a18b-e758219837c3" + "WESTUS:20200109T021028Z:ac28eb09-907a-49bf-975e-57a8d424f1b1" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1080,7 +1629,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:27 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1106,7 +1655,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" @@ -1126,13 +1675,13 @@ "gateway" ], "x-ms-request-id": [ - "2d1014ee-d350-491d-8684-cabc0e920200" + "c8d45172-1de1-45cf-a82c-ee4309375aba" ], "x-ms-correlation-request-id": [ - "2d1014ee-d350-491d-8684-cabc0e920200" + "c8d45172-1de1-45cf-a82c-ee4309375aba" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224230Z:2d1014ee-d350-491d-8684-cabc0e920200" + "WESTUS:20200109T021028Z:c8d45172-1de1-45cf-a82c-ee4309375aba" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1141,7 +1690,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1167,7 +1716,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameStringParameterSet" 
@@ -1187,13 +1736,13 @@ "gateway" ], "x-ms-request-id": [ - "67f5b64c-86d6-47d5-90a0-1501cd9d7551" + "19220c7e-09d5-4801-9f74-2aa8244ae889" ], "x-ms-correlation-request-id": [ - "67f5b64c-86d6-47d5-90a0-1501cd9d7551" + "19220c7e-09d5-4801-9f74-2aa8244ae889" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224230Z:67f5b64c-86d6-47d5-90a0-1501cd9d7551" + "WESTUS:20200109T021028Z:19220c7e-09d5-4801-9f74-2aa8244ae889" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1202,7 +1751,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1228,7 +1777,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -1248,13 +1797,13 @@ "gateway" ], "x-ms-request-id": [ - "8f78167f-674c-4410-9e1f-47f3537654fe" + "1d496230-ba13-4f37-8bb9-726d0f164116" ], "x-ms-correlation-request-id": [ - "8f78167f-674c-4410-9e1f-47f3537654fe" + "1d496230-ba13-4f37-8bb9-726d0f164116" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224230Z:8f78167f-674c-4410-9e1f-47f3537654fe" + "WESTUS:20200109T021028Z:1d496230-ba13-4f37-8bb9-726d0f164116" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1263,7 +1812,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:30 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1289,7 +1838,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -1309,13 +1858,13 @@ "gateway" ], "x-ms-request-id": [ - "90128d84-fd3a-49a1-ac15-e4495b40e661" + "bd629f31-d528-4181-8ef5-bf866f40250b" ], "x-ms-correlation-request-id": [ - "90128d84-fd3a-49a1-ac15-e4495b40e661" + "bd629f31-d528-4181-8ef5-bf866f40250b" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224230Z:90128d84-fd3a-49a1-ac15-e4495b40e661" + "WESTUS:20200109T021029Z:bd629f31-d528-4181-8ef5-bf866f40250b" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1324,7 +1873,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:29 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1350,7 +1899,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -1370,13 +1919,13 @@ "gateway" ], "x-ms-request-id": [ - "c290f111-6a08-4002-9771-9920214f0e08" + "d9cfb6b6-270e-48c2-abc9-9e7259ea9072" ], "x-ms-correlation-request-id": [ - "c290f111-6a08-4002-9771-9920214f0e08" + "d9cfb6b6-270e-48c2-abc9-9e7259ea9072" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224230Z:c290f111-6a08-4002-9771-9920214f0e08" + "WESTUS:20200109T021029Z:d9cfb6b6-270e-48c2-abc9-9e7259ea9072" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1385,7 +1934,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:30 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1411,7 +1960,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" 
@@ -1431,13 +1980,13 @@ "gateway" ], "x-ms-request-id": [ - "cbe7119b-4348-4127-ae61-5faa842b4c75" + "01d18b63-bb57-4c9a-b720-673a5c62f216" ], "x-ms-correlation-request-id": [ - "cbe7119b-4348-4127-ae61-5faa842b4c75" + "01d18b63-bb57-4c9a-b720-673a5c62f216" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224230Z:cbe7119b-4348-4127-ae61-5faa842b4c75" + "WESTUS:20200109T021029Z:01d18b63-bb57-4c9a-b720-673a5c62f216" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1446,7 +1995,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:30 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1472,7 +2021,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameStringParameterSet" @@ -1492,13 +2041,13 @@ "gateway" ], "x-ms-request-id": [ - "0df0106c-1a2b-43e7-bf27-94a94dfb5222" + "4c309aa1-ff00-4399-8d4d-ea2a311c7d4f" ], "x-ms-correlation-request-id": [ - "0df0106c-1a2b-43e7-bf27-94a94dfb5222" + "4c309aa1-ff00-4399-8d4d-ea2a311c7d4f" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:0df0106c-1a2b-43e7-bf27-94a94dfb5222" + "WESTUS:20200109T021029Z:4c309aa1-ff00-4399-8d4d-ea2a311c7d4f" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1507,7 +2056,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:30 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1533,7 +2082,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -1553,13 +2102,13 @@ "gateway" ], "x-ms-request-id": [ - "440173c6-c91c-4fde-a814-d62faef14818" + "77a33990-5dc4-4f02-9a35-7affee9fca59" ], "x-ms-correlation-request-id": [ - "440173c6-c91c-4fde-a814-d62faef14818" + "77a33990-5dc4-4f02-9a35-7affee9fca59" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:440173c6-c91c-4fde-a814-d62faef14818" + "WESTUS:20200109T021029Z:77a33990-5dc4-4f02-9a35-7affee9fca59" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1568,7 +2117,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:30 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1594,7 +2143,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -1614,13 +2163,13 @@ "gateway" ], "x-ms-request-id": [ - "9b4ceeee-9d2b-4cb7-8b5f-7709d77e37e3" + "27e78f37-49e8-400e-a560-92342d68b349" ], "x-ms-correlation-request-id": [ - "9b4ceeee-9d2b-4cb7-8b5f-7709d77e37e3" + "27e78f37-49e8-400e-a560-92342d68b349" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:9b4ceeee-9d2b-4cb7-8b5f-7709d77e37e3" + "WESTUS:20200109T021029Z:27e78f37-49e8-400e-a560-92342d68b349" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1629,7 +2178,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1655,7 +2204,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" 
@@ -1675,13 +2224,13 @@ "gateway" ], "x-ms-request-id": [ - "17f468b9-5efb-4167-9d7a-057b42478194" + "60ece5e9-47d4-4316-bdb4-9d829d3fbcd7" ], "x-ms-correlation-request-id": [ - "17f468b9-5efb-4167-9d7a-057b42478194" + "60ece5e9-47d4-4316-bdb4-9d829d3fbcd7" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:17f468b9-5efb-4167-9d7a-057b42478194" + "WESTUS:20200109T021029Z:60ece5e9-47d4-4316-bdb4-9d829d3fbcd7" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1690,7 +2239,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1716,7 +2265,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameStringParameterSet" @@ -1736,13 +2285,13 @@ "gateway" ], "x-ms-request-id": [ - "6daeb7b4-4088-45a7-a157-2b7831b164ba" + "566d361c-f78a-4af1-b84e-7c5b0ef5efd3" ], "x-ms-correlation-request-id": [ - "6daeb7b4-4088-45a7-a157-2b7831b164ba" + "566d361c-f78a-4af1-b84e-7c5b0ef5efd3" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:6daeb7b4-4088-45a7-a157-2b7831b164ba" + "WESTUS:20200109T021029Z:566d361c-f78a-4af1-b84e-7c5b0ef5efd3" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1751,7 +2300,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:30 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1777,7 +2326,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" 
@@ -1797,13 +2346,13 @@ "gateway" ], "x-ms-request-id": [ - "98aaf691-764d-4e3b-a839-d3d7085e23b7" + "dc5fa0f2-7c17-4f06-a0d4-c57068384a6d" ], "x-ms-correlation-request-id": [ - "98aaf691-764d-4e3b-a839-d3d7085e23b7" + "dc5fa0f2-7c17-4f06-a0d4-c57068384a6d" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:98aaf691-764d-4e3b-a839-d3d7085e23b7" + "WESTUS:20200109T021030Z:dc5fa0f2-7c17-4f06-a0d4-c57068384a6d" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1812,7 +2361,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1838,7 +2387,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "NameParameterSet" @@ -1858,13 +2407,13 @@ "gateway" ], "x-ms-request-id": [ - "218c41e6-67bb-4077-9159-301d007e7661" + "e873efa7-6f53-429a-a6e5-17000b565dad" ], "x-ms-correlation-request-id": [ - "218c41e6-67bb-4077-9159-301d007e7661" + "e873efa7-6f53-429a-a6e5-17000b565dad" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:218c41e6-67bb-4077-9159-301d007e7661" + "WESTUS:20200109T021030Z:e873efa7-6f53-429a-a6e5-17000b565dad" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1873,7 +2422,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1899,7 +2448,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" 
@@ -1919,13 +2468,13 @@ "gateway" ], "x-ms-request-id": [ - "53a84af5-1a1c-4736-aef6-cf9c0c117d68" + "5894afa2-f69c-4104-ad6c-52b70e176207" ], "x-ms-correlation-request-id": [ - "53a84af5-1a1c-4736-aef6-cf9c0c117d68" + "5894afa2-f69c-4104-ad6c-52b70e176207" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224231Z:53a84af5-1a1c-4736-aef6-cf9c0c117d68" + "WESTUS:20200109T021030Z:5894afa2-f69c-4104-ad6c-52b70e176207" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1934,7 +2483,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -1960,7 +2509,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" @@ -1980,13 +2529,13 @@ "gateway" ], "x-ms-request-id": [ - "696ce87e-c767-463b-97d5-b051b2b9a3b9" + "2a8c7c90-ca27-41a5-84b3-b5f44be50130" ], "x-ms-correlation-request-id": [ - "696ce87e-c767-463b-97d5-b051b2b9a3b9" + "2a8c7c90-ca27-41a5-84b3-b5f44be50130" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:696ce87e-c767-463b-97d5-b051b2b9a3b9" + "WESTUS:20200109T021030Z:2a8c7c90-ca27-41a5-84b3-b5f44be50130" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -1995,7 +2544,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2021,7 +2570,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterNameObjectParameterSet" 
@@ -2041,13 +2590,13 @@ "gateway" ], "x-ms-request-id": [ - "85ba15ae-ee8f-4f62-b26c-8043877bec3e" + "213e9190-fa1c-4de8-9850-dc70ad96428c" ], "x-ms-correlation-request-id": [ - "85ba15ae-ee8f-4f62-b26c-8043877bec3e" + "213e9190-fa1c-4de8-9850-dc70ad96428c" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:85ba15ae-ee8f-4f62-b26c-8043877bec3e" + "WESTUS:20200109T021030Z:213e9190-fa1c-4de8-9850-dc70ad96428c" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2056,7 +2605,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2075,14 +2624,14 @@ "StatusCode": 404 }, { - "RequestUri": "/subscriptions/f67cc918-f64f-4c3f-aa24-a855465f9d41/providers/Microsoft.Authorization/policyAssignments/someName?api-version=2019-09-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjY3Y2M5MTgtZjY0Zi00YzNmLWFhMjQtYTg1NTQ2NWY5ZDQxL3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lBc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", + "RequestUri": "/subscriptions/40d77f8e-5982-4e7e-bafa-b7cd23b123e6/providers/Microsoft.Authorization/policyAssignments/someName?api-version=2019-09-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDBkNzdmOGUtNTk4Mi00ZTdlLWJhZmEtYjdjZDIzYjEyM2U2L3Byb3ZpZGVycy9NaWNyb3NvZnQuQXV0aG9yaXphdGlvbi9wb2xpY3lBc3NpZ25tZW50cy9zb21lTmFtZT9hcGktdmVyc2lvbj0yMDE5LTA5LTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -2099,16 +2648,16 @@ "no-cache" ], "x-ms-request-id": [ - "westus:e0e831ab-b7ea-4498-96e7-6682a10ac5ed" + "westus:253af1e8-f846-41f2-80fa-d231a388ee66" ], "x-ms-ratelimit-remaining-subscription-reads": [ - "11987" + "11999" ], "x-ms-correlation-request-id": [ - "09327a2a-82d9-421b-b311-f352f7f254e9" + "3f9131be-fa86-43a9-87ab-484091c9d874" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:09327a2a-82d9-421b-b311-f352f7f254e9" + "WESTUS:20200109T021030Z:3f9131be-fa86-43a9-87ab-484091c9d874" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2117,7 +2666,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Length": [ "104" @@ -2143,7 +2692,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -2163,13 +2712,13 @@ "gateway" ], "x-ms-request-id": [ - "386746b2-27c5-48a2-b057-66bca7e6ec8c" + "543e7801-435c-4fe4-8a55-c3cb402b8b46" ], "x-ms-correlation-request-id": [ - "386746b2-27c5-48a2-b057-66bca7e6ec8c" + "543e7801-435c-4fe4-8a55-c3cb402b8b46" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:386746b2-27c5-48a2-b057-66bca7e6ec8c" + "WESTUS:20200109T021030Z:543e7801-435c-4fe4-8a55-c3cb402b8b46" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2178,7 +2727,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:29 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2204,7 +2753,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -2224,13 +2773,13 @@ "gateway" ], "x-ms-request-id": [ - "e8d30bbc-f980-45b3-a39d-9b3ece93c1e9" + "6383a931-b783-4c25-b6d0-f6e0d9bc2a45" ], "x-ms-correlation-request-id": [ - "e8d30bbc-f980-45b3-a39d-9b3ece93c1e9" + "6383a931-b783-4c25-b6d0-f6e0d9bc2a45" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:e8d30bbc-f980-45b3-a39d-9b3ece93c1e9" + "WESTUS:20200109T021030Z:6383a931-b783-4c25-b6d0-f6e0d9bc2a45" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2239,7 +2788,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2265,7 +2814,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -2285,13 +2834,13 @@ "gateway" ], "x-ms-request-id": [ - "e871a93c-23f3-44ba-9b8c-49e0306e0c00" + "31447c7d-7fd8-494e-9741-9e97de9be771" ], "x-ms-correlation-request-id": [ - "e871a93c-23f3-44ba-9b8c-49e0306e0c00" + "31447c7d-7fd8-494e-9741-9e97de9be771" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:e871a93c-23f3-44ba-9b8c-49e0306e0c00" + "WESTUS:20200109T021030Z:31447c7d-7fd8-494e-9741-9e97de9be771" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2300,7 +2849,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2326,7 +2875,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -2346,13 +2895,13 @@ "gateway" ], "x-ms-request-id": [ - "3af45228-3841-4e00-ade0-cd0c031085d9" + "52efd436-a2f3-4490-b508-b94106f753d8" ], "x-ms-correlation-request-id": [ - "3af45228-3841-4e00-ade0-cd0c031085d9" + "52efd436-a2f3-4490-b508-b94106f753d8" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:3af45228-3841-4e00-ade0-cd0c031085d9" + "WESTUS:20200109T021031Z:52efd436-a2f3-4490-b508-b94106f753d8" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2361,7 +2910,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2387,7 +2936,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" @@ -2407,13 +2956,13 @@ "gateway" ], "x-ms-request-id": [ - "bfe395d8-31b5-47ce-bb0e-428f6460c387" + "4611c2f0-a498-43be-bd95-c532bcfe0d0b" ], "x-ms-correlation-request-id": [ - "bfe395d8-31b5-47ce-bb0e-428f6460c387" + "4611c2f0-a498-43be-bd95-c532bcfe0d0b" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224232Z:bfe395d8-31b5-47ce-bb0e-428f6460c387" + "WESTUS:20200109T021031Z:4611c2f0-a498-43be-bd95-c532bcfe0d0b" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2422,7 +2971,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:31 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2448,7 +2997,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdStringParameterSet" 
@@ -2468,13 +3017,13 @@ "gateway" ], "x-ms-request-id": [ - "3d39bc0f-2344-49c1-a600-088645c44e96" + "49e0be1a-3a4b-48ab-9484-411c884c5611" ], "x-ms-correlation-request-id": [ - "3d39bc0f-2344-49c1-a600-088645c44e96" + "49e0be1a-3a4b-48ab-9484-411c884c5611" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:3d39bc0f-2344-49c1-a600-088645c44e96" + "WESTUS:20200109T021031Z:49e0be1a-3a4b-48ab-9484-411c884c5611" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2483,7 +3032,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2509,7 +3058,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -2529,13 +3078,13 @@ "gateway" ], "x-ms-request-id": [ - "69240892-33ac-4638-ade9-d4caaa082645" + "95a93451-892c-4f60-9e81-2a3ed91254c3" ], "x-ms-correlation-request-id": [ - "69240892-33ac-4638-ade9-d4caaa082645" + "95a93451-892c-4f60-9e81-2a3ed91254c3" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:69240892-33ac-4638-ade9-d4caaa082645" + "WESTUS:20200109T021031Z:95a93451-892c-4f60-9e81-2a3ed91254c3" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2544,7 +3093,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:31 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2570,7 +3119,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -2590,13 +3139,13 @@ "gateway" ], "x-ms-request-id": [ - "5dbc0db7-18ed-4d43-99bf-a83c490938da" + "7eadf4f9-5cc7-4cda-9e99-bdb4abcb4615" ], "x-ms-correlation-request-id": [ - "5dbc0db7-18ed-4d43-99bf-a83c490938da" + "7eadf4f9-5cc7-4cda-9e99-bdb4abcb4615" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:5dbc0db7-18ed-4d43-99bf-a83c490938da" + "WESTUS:20200109T021031Z:7eadf4f9-5cc7-4cda-9e99-bdb4abcb4615" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2605,7 +3154,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2631,7 +3180,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -2651,13 +3200,13 @@ "gateway" ], "x-ms-request-id": [ - "c91a315e-0324-4f01-9c20-ac0115802087" + "270f9773-2fc7-4dc2-b0d3-c83f9acd80d7" ], "x-ms-correlation-request-id": [ - "c91a315e-0324-4f01-9c20-ac0115802087" + "270f9773-2fc7-4dc2-b0d3-c83f9acd80d7" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:c91a315e-0324-4f01-9c20-ac0115802087" + "WESTUS:20200109T021031Z:270f9773-2fc7-4dc2-b0d3-c83f9acd80d7" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2666,7 +3215,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:32 GMT" + "Thu, 09 Jan 2020 02:10:31 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2692,7 +3241,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -2712,13 +3261,13 @@ "gateway" ], "x-ms-request-id": [ - "bfa7c70e-6555-49b5-9017-8a11f39219f1" + "089d7fb9-e3f5-4bdc-ba22-132d0090478e" ], "x-ms-correlation-request-id": [ - "bfa7c70e-6555-49b5-9017-8a11f39219f1" + "089d7fb9-e3f5-4bdc-ba22-132d0090478e" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:bfa7c70e-6555-49b5-9017-8a11f39219f1" + "WESTUS:20200109T021031Z:089d7fb9-e3f5-4bdc-ba22-132d0090478e" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2727,7 +3276,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:31 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2753,7 +3302,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -2773,13 +3322,13 @@ "gateway" ], "x-ms-request-id": [ - "2758e9e6-221b-407c-a140-662112d28eef" + "3375ba54-b012-4ac0-b7fe-092bce6421b1" ], "x-ms-correlation-request-id": [ - "2758e9e6-221b-407c-a140-662112d28eef" + "3375ba54-b012-4ac0-b7fe-092bce6421b1" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:2758e9e6-221b-407c-a140-662112d28eef" + "WESTUS:20200109T021032Z:3375ba54-b012-4ac0-b7fe-092bce6421b1" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2788,7 +3337,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:31 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2814,7 +3363,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" 
@@ -2834,13 +3383,13 @@ "gateway" ], "x-ms-request-id": [ - "2eee24d8-9421-4f5e-b3cb-47f51c115253" + "b73e95b5-da87-45a7-b103-cf9b7a6a05aa" ], "x-ms-correlation-request-id": [ - "2eee24d8-9421-4f5e-b3cb-47f51c115253" + "b73e95b5-da87-45a7-b103-cf9b7a6a05aa" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:2eee24d8-9421-4f5e-b3cb-47f51c115253" + "WESTUS:20200109T021032Z:b73e95b5-da87-45a7-b103-cf9b7a6a05aa" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2849,7 +3398,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2875,7 +3424,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdStringParameterSet" @@ -2895,13 +3444,13 @@ "gateway" ], "x-ms-request-id": [ - "3956e334-4056-42c0-ab67-615c425a7da1" + "0f86e3f6-e737-4609-bc80-1ec90ecc4c0b" ], "x-ms-correlation-request-id": [ - "3956e334-4056-42c0-ab67-615c425a7da1" + "0f86e3f6-e737-4609-bc80-1ec90ecc4c0b" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224233Z:3956e334-4056-42c0-ab67-615c425a7da1" + "WESTUS:20200109T021029Z:0f86e3f6-e737-4609-bc80-1ec90ecc4c0b" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2910,7 +3459,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:28 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2936,7 +3485,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -2956,13 +3505,13 @@ "gateway" ], "x-ms-request-id": [ - "2a8c881a-85a1-4d20-a15a-ffc233c7d5af" + "5fc9a231-d9c6-48b5-bfac-c686c5e98cc1" ], "x-ms-correlation-request-id": [ - "2a8c881a-85a1-4d20-a15a-ffc233c7d5af" + "5fc9a231-d9c6-48b5-bfac-c686c5e98cc1" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:2a8c881a-85a1-4d20-a15a-ffc233c7d5af" + "WESTUS:20200109T021032Z:5fc9a231-d9c6-48b5-bfac-c686c5e98cc1" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -2971,7 +3520,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -2997,7 +3546,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -3017,13 +3566,13 @@ "gateway" ], "x-ms-request-id": [ - "8fad39c9-2ea2-4ee2-afb4-97a2510f2b8e" + "1694b806-3fcb-4edf-9918-9d0a8af9c97f" ], "x-ms-correlation-request-id": [ - "8fad39c9-2ea2-4ee2-afb4-97a2510f2b8e" + "1694b806-3fcb-4edf-9918-9d0a8af9c97f" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:8fad39c9-2ea2-4ee2-afb4-97a2510f2b8e" + "WESTUS:20200109T021032Z:1694b806-3fcb-4edf-9918-9d0a8af9c97f" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3032,7 +3581,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3058,7 +3607,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -3078,13 +3627,13 @@ "gateway" ], "x-ms-request-id": [ - "4c09443a-5e38-422b-8851-6cab3bb0caf1" + "1d88124f-355e-4719-9532-9b085431fade" ], "x-ms-correlation-request-id": [ - "4c09443a-5e38-422b-8851-6cab3bb0caf1" + "1d88124f-355e-4719-9532-9b085431fade" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:4c09443a-5e38-422b-8851-6cab3bb0caf1" + "WESTUS:20200109T021032Z:1d88124f-355e-4719-9532-9b085431fade" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3093,7 +3642,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:34 GMT" + "Thu, 09 Jan 2020 02:10:31 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3119,7 +3668,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -3139,13 +3688,13 @@ "gateway" ], "x-ms-request-id": [ - "07e5bc30-825f-4aa8-b022-205348e5d15a" + "cdc02fae-acd0-4f61-9a09-8e30649ba9ea" ], "x-ms-correlation-request-id": [ - "07e5bc30-825f-4aa8-b022-205348e5d15a" + "cdc02fae-acd0-4f61-9a09-8e30649ba9ea" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:07e5bc30-825f-4aa8-b022-205348e5d15a" + "WESTUS:20200109T021032Z:cdc02fae-acd0-4f61-9a09-8e30649ba9ea" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3154,7 +3703,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:34 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3180,7 +3729,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" 
@@ -3200,13 +3749,13 @@ "gateway" ], "x-ms-request-id": [ - "875fa09d-3bd3-41b7-a709-9af941d52117" + "f3ec3bb2-2408-4636-bbbc-ca7e5598a29d" ], "x-ms-correlation-request-id": [ - "875fa09d-3bd3-41b7-a709-9af941d52117" + "f3ec3bb2-2408-4636-bbbc-ca7e5598a29d" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:875fa09d-3bd3-41b7-a709-9af941d52117" + "WESTUS:20200109T021032Z:f3ec3bb2-2408-4636-bbbc-ca7e5598a29d" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3215,7 +3764,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3241,7 +3790,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdStringParameterSet" @@ -3261,13 +3810,13 @@ "gateway" ], "x-ms-request-id": [ - "892ea166-ec14-45f6-8ee9-62932ecdbba0" + "ba6afad4-1c13-4924-b54b-965fa68f2653" ], "x-ms-correlation-request-id": [ - "892ea166-ec14-45f6-8ee9-62932ecdbba0" + "ba6afad4-1c13-4924-b54b-965fa68f2653" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:892ea166-ec14-45f6-8ee9-62932ecdbba0" + "WESTUS:20200109T021033Z:ba6afad4-1c13-4924-b54b-965fa68f2653" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3276,7 +3825,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:33 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3302,7 +3851,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -3322,13 +3871,13 @@ "gateway" ], "x-ms-request-id": [ - "3646a930-2678-4c92-8c01-e3115a37c628" + "f0adaf37-f341-403b-9c25-3498c8734d17" ], "x-ms-correlation-request-id": [ - "3646a930-2678-4c92-8c01-e3115a37c628" + "f0adaf37-f341-403b-9c25-3498c8734d17" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:3646a930-2678-4c92-8c01-e3115a37c628" + "WESTUS:20200109T021033Z:f0adaf37-f341-403b-9c25-3498c8734d17" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3337,7 +3886,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:34 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3363,7 +3912,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -3383,13 +3932,13 @@ "gateway" ], "x-ms-request-id": [ - "6c0e1492-5bac-45bd-8465-02ef2e541b45" + "5ed0ead0-c8e7-47aa-ada2-5cce0ed88117" ], "x-ms-correlation-request-id": [ - "6c0e1492-5bac-45bd-8465-02ef2e541b45" + "5ed0ead0-c8e7-47aa-ada2-5cce0ed88117" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224234Z:6c0e1492-5bac-45bd-8465-02ef2e541b45" + "WESTUS:20200109T021033Z:5ed0ead0-c8e7-47aa-ada2-5cce0ed88117" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3398,7 +3947,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:34 GMT" + "Thu, 09 Jan 2020 02:10:33 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3424,7 +3973,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -3444,13 +3993,13 @@ "gateway" ], "x-ms-request-id": [ - "c914d567-53ff-4594-af7a-1ed4015f3152" + "95e05274-a5f5-4892-a810-d52f2a14e76d" ], "x-ms-correlation-request-id": [ - "c914d567-53ff-4594-af7a-1ed4015f3152" + "95e05274-a5f5-4892-a810-d52f2a14e76d" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224235Z:c914d567-53ff-4594-af7a-1ed4015f3152" + "WESTUS:20200109T021033Z:95e05274-a5f5-4892-a810-d52f2a14e76d" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3459,7 +4008,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:34 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3485,7 +4034,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" @@ -3505,13 +4054,13 @@ "gateway" ], "x-ms-request-id": [ - "a0039792-671f-4b19-a8f0-43b244a9486a" + "b77b8e5e-8659-47fc-8da6-7c57b99a5ab4" ], "x-ms-correlation-request-id": [ - "a0039792-671f-4b19-a8f0-43b244a9486a" + "b77b8e5e-8659-47fc-8da6-7c57b99a5ab4" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224235Z:a0039792-671f-4b19-a8f0-43b244a9486a" + "WESTUS:20200109T021033Z:b77b8e5e-8659-47fc-8da6-7c57b99a5ab4" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3520,7 +4069,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:35 GMT" + "Thu, 09 Jan 2020 02:10:32 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3546,7 +4095,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdStringParameterSet" 
@@ -3566,13 +4115,13 @@ "gateway" ], "x-ms-request-id": [ - "69ccba8e-1698-4fdb-993d-26029e266cca" + "534b4538-3a76-47a0-93f0-2309aeeddb9b" ], "x-ms-correlation-request-id": [ - "69ccba8e-1698-4fdb-993d-26029e266cca" + "534b4538-3a76-47a0-93f0-2309aeeddb9b" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224235Z:69ccba8e-1698-4fdb-993d-26029e266cca" + "WESTUS:20200109T021033Z:534b4538-3a76-47a0-93f0-2309aeeddb9b" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3581,7 +4130,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:34 GMT" + "Thu, 09 Jan 2020 02:10:33 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3607,7 +4156,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -3627,13 +4176,13 @@ "gateway" ], "x-ms-request-id": [ - "b181b275-3b94-4caa-8924-71166f8f7c45" + "0bbaaf3d-2668-420c-85f9-b726ace93782" ], "x-ms-correlation-request-id": [ - "b181b275-3b94-4caa-8924-71166f8f7c45" + "0bbaaf3d-2668-420c-85f9-b726ace93782" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224235Z:b181b275-3b94-4caa-8924-71166f8f7c45" + "WESTUS:20200109T021033Z:0bbaaf3d-2668-420c-85f9-b726ace93782" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3642,7 +4191,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:35 GMT" + "Thu, 09 Jan 2020 02:10:33 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3668,7 +4217,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -3688,13 +4237,13 @@ "gateway" ], "x-ms-request-id": [ - "09ceef27-33e2-402b-acbf-8a7043714633" + "2b83a5b7-4907-41bb-8db7-70290b182441" ], "x-ms-correlation-request-id": [ - "09ceef27-33e2-402b-acbf-8a7043714633" + "2b83a5b7-4907-41bb-8db7-70290b182441" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224235Z:09ceef27-33e2-402b-acbf-8a7043714633" + "WESTUS:20200109T021033Z:2b83a5b7-4907-41bb-8db7-70290b182441" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3703,7 +4252,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:34 GMT" + "Thu, 09 Jan 2020 02:10:33 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3729,7 +4278,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" @@ -3749,13 +4298,13 @@ "gateway" ], "x-ms-request-id": [ - "5b22529b-7193-4f82-8c30-2f437896c814" + "62b306b6-b95e-4ed6-98cc-49b031e4e5bc" ], "x-ms-correlation-request-id": [ - "5b22529b-7193-4f82-8c30-2f437896c814" + "62b306b6-b95e-4ed6-98cc-49b031e4e5bc" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224235Z:5b22529b-7193-4f82-8c30-2f437896c814" + "WESTUS:20200109T021034Z:62b306b6-b95e-4ed6-98cc-49b031e4e5bc" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3764,7 +4313,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:35 GMT" + "Thu, 09 Jan 2020 02:10:33 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3790,7 +4339,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdStringParameterSet" 
@@ -3810,13 +4359,13 @@ "gateway" ], "x-ms-request-id": [ - "3462361b-eb5d-4e3b-ab34-39c6a57c6baa" + "8e19ad2b-f9f6-4136-9ab6-fcc5f614815a" ], "x-ms-correlation-request-id": [ - "3462361b-eb5d-4e3b-ab34-39c6a57c6baa" + "8e19ad2b-f9f6-4136-9ab6-fcc5f614815a" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224235Z:3462361b-eb5d-4e3b-ab34-39c6a57c6baa" + "WESTUS:20200109T021034Z:8e19ad2b-f9f6-4136-9ab6-fcc5f614815a" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3825,7 +4374,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:35 GMT" + "Thu, 09 Jan 2020 02:10:33 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3851,7 +4400,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" @@ -3871,13 +4420,13 @@ "gateway" ], "x-ms-request-id": [ - "278378a1-b57b-4ffa-ae12-f7512d96289f" + "48fcf6b9-649b-4299-a030-1626ed46e21d" ], "x-ms-correlation-request-id": [ - "278378a1-b57b-4ffa-ae12-f7512d96289f" + "48fcf6b9-649b-4299-a030-1626ed46e21d" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224236Z:278378a1-b57b-4ffa-ae12-f7512d96289f" + "WESTUS:20200109T021031Z:48fcf6b9-649b-4299-a030-1626ed46e21d" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3886,7 +4435,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:35 GMT" + "Thu, 09 Jan 2020 02:10:30 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3912,7 +4461,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "IdParameterSet" 
@@ -3932,13 +4481,13 @@ "gateway" ], "x-ms-request-id": [ - "d43eb0cb-7d49-4326-9fe2-8b6438317874" + "49d8b7e1-1012-4977-a3a0-66bb178dda8f" ], "x-ms-correlation-request-id": [ - "d43eb0cb-7d49-4326-9fe2-8b6438317874" + "49d8b7e1-1012-4977-a3a0-66bb178dda8f" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224236Z:d43eb0cb-7d49-4326-9fe2-8b6438317874" + "WESTUS:20200109T021034Z:49d8b7e1-1012-4977-a3a0-66bb178dda8f" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -3947,7 +4496,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:35 GMT" + "Thu, 09 Jan 2020 02:10:34 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -3973,7 +4522,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" @@ -3993,13 +4542,13 @@ "gateway" ], "x-ms-request-id": [ - "e0179987-d30b-4dda-925b-b087da6fdf30" + "0f17482b-b87e-4d07-8ffa-4c5878a30428" ], "x-ms-correlation-request-id": [ - "e0179987-d30b-4dda-925b-b087da6fdf30" + "0f17482b-b87e-4d07-8ffa-4c5878a30428" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224236Z:e0179987-d30b-4dda-925b-b087da6fdf30" + "WESTUS:20200109T021034Z:0f17482b-b87e-4d07-8ffa-4c5878a30428" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -4008,7 +4557,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:36 GMT" + "Thu, 09 Jan 2020 02:10:34 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -4034,7 +4583,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" 
@@ -4054,13 +4603,13 @@ "gateway" ], "x-ms-request-id": [ - "8bbc7c5a-22d9-42f6-b592-3cc4b12dd4f9" + "8a28fe1c-281b-4e1d-8f1c-2beaf65f93d1" ], "x-ms-correlation-request-id": [ - "8bbc7c5a-22d9-42f6-b592-3cc4b12dd4f9" + "8a28fe1c-281b-4e1d-8f1c-2beaf65f93d1" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224236Z:8bbc7c5a-22d9-42f6-b592-3cc4b12dd4f9" + "WESTUS:20200109T021034Z:8a28fe1c-281b-4e1d-8f1c-2beaf65f93d1" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -4069,7 +4618,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:36 GMT" + "Thu, 09 Jan 2020 02:10:34 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -4095,7 +4644,7 @@ "RequestHeaders": { "User-Agent": [ "AzurePowershell/v1.0.0", - "PSVersion/v6.2.3" + "PSVersion/v6.1.0" ], "ParameterSetName": [ "PolicyParameterIdObjectParameterSet" @@ -4115,13 +4664,13 @@ "gateway" ], "x-ms-request-id": [ - "1ba3fb1a-c9b8-4104-a617-7a3c1612debf" + "aebaacfe-ca08-4445-b978-21070dbd2e6d" ], "x-ms-correlation-request-id": [ - "1ba3fb1a-c9b8-4104-a617-7a3c1612debf" + "aebaacfe-ca08-4445-b978-21070dbd2e6d" ], "x-ms-routing-request-id": [ - "WESTUS:20191202T224236Z:1ba3fb1a-c9b8-4104-a617-7a3c1612debf" + "WESTUS:20200109T021034Z:aebaacfe-ca08-4445-b978-21070dbd2e6d" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -4130,7 +4679,7 @@ "nosniff" ], "Date": [ - "Mon, 02 Dec 2019 22:42:36 GMT" + "Thu, 09 Jan 2020 02:10:34 GMT" ], "Content-Type": [ "application/json; charset=utf-8" @@ -4151,6 +4700,6 @@ ], "Names": {}, "Variables": { - "SubscriptionId": "f67cc918-f64f-4c3f-aa24-a855465f9d41" + "SubscriptionId": "40d77f8e-5982-4e7e-bafa-b7cd23b123e6" } } \ No newline at end of file diff --git a/src/Resources/Resources/ChangeLog.md b/src/Resources/Resources/ChangeLog.md index 6862a1db4ca2..426754df768d 100644 --- a/src/Resources/Resources/ChangeLog.md +++ b/src/Resources/Resources/ChangeLog.md 
@@ -18,6 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release +* Make -Scope optional in *-AzPolicyAssignment cmdlets with default to context subscription ## Version 1.9.1 * Fix an error in help document of `Remove-AzTag`. diff --git a/src/Resources/Resources/help/New-AzPolicyAssignment.md b/src/Resources/Resources/help/New-AzPolicyAssignment.md index fa3cddee1f64..4951879a3b9e 100644 --- a/src/Resources/Resources/help/New-AzPolicyAssignment.md +++ b/src/Resources/Resources/help/New-AzPolicyAssignment.md @@ -15,7 +15,7 @@ Creates a policy assignment. ### DefaultParameterSet (Default) ``` -New-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +New-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] [-PolicyDefinition ] [-PolicySetDefinition ] [-Metadata ] [-EnforcementMode ] [-AssignIdentity] [-Location ] [-ApiVersion ] [-Pre] [-DefaultProfile ] [] @@ -23,7 +23,7 @@ New-AzPolicyAssignment -Name -Scope [-NotScope ] [-D ### PolicyParameterObjectParameterSet ``` -New-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +New-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] -PolicyDefinition [-PolicySetDefinition ] -PolicyParameterObject [-Metadata ] [-EnforcementMode ] [-AssignIdentity] [-Location ] [-ApiVersion ] [-Pre] @@ -32,7 +32,7 @@ New-AzPolicyAssignment -Name -Scope [-NotScope ] [-D ### PolicyParameterStringParameterSet ``` -New-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +New-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] -PolicyDefinition [-PolicySetDefinition ] -PolicyParameter [-Metadata ] [-EnforcementMode ] [-AssignIdentity] [-Location ] [-ApiVersion ] [-Pre] 
@@ -41,7 +41,7 @@ New-AzPolicyAssignment -Name -Scope [-NotScope ] [-D ### PolicySetParameterObjectParameterSet ``` -New-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +New-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] [-PolicyDefinition ] -PolicySetDefinition -PolicyParameterObject [-Metadata ] [-EnforcementMode ] [-AssignIdentity] [-Location ] [-ApiVersion ] [-Pre] @@ -50,7 +50,7 @@ New-AzPolicyAssignment -Name -Scope [-NotScope ] [-D ### PolicySetParameterStringParameterSet ``` -New-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +New-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] [-PolicyDefinition ] -PolicySetDefinition -PolicyParameter [-Metadata ] [-EnforcementMode ] [-AssignIdentity] [-Location ] [-ApiVersion ] [-Pre] @@ -438,7 +438,7 @@ Type: System.String Parameter Sets: (All) Aliases: -Required: True +Required: False Position: Named Default value: None Accept pipeline input: True (ByPropertyName) diff --git a/src/Resources/Resources/help/Remove-AzPolicyAssignment.md b/src/Resources/Resources/help/Remove-AzPolicyAssignment.md index e69bca0f58d4..8393118b139d 100644 --- a/src/Resources/Resources/help/Remove-AzPolicyAssignment.md +++ b/src/Resources/Resources/help/Remove-AzPolicyAssignment.md @@ -15,7 +15,7 @@ Removes a policy assignment. ### NameParameterSet (Default) ``` -Remove-AzPolicyAssignment -Name -Scope [-ApiVersion ] [-Pre] +Remove-AzPolicyAssignment -Name [-Scope ] [-ApiVersion ] [-Pre] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -139,7 +139,7 @@ Type: System.String Parameter Sets: NameParameterSet Aliases: -Required: True +Required: False Position: Named Default value: None Accept pipeline input: True (ByPropertyName) diff --git a/src/Resources/Resources/help/Set-AzPolicyAssignment.md b/src/Resources/Resources/help/Set-AzPolicyAssignment.md index cfd257054c88..60f017720367 100644 --- a/src/Resources/Resources/help/Set-AzPolicyAssignment.md 
+++ b/src/Resources/Resources/help/Set-AzPolicyAssignment.md @@ -15,7 +15,7 @@ Modifies a policy assignment. ### NameParameterSet (Default) ``` -Set-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +Set-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] [-Metadata ] [-AssignIdentity] [-Location ] [-EnforcementMode ] [-ApiVersion ] [-Pre] [-DefaultProfile ] [] @@ -23,7 +23,7 @@ Set-AzPolicyAssignment -Name -Scope [-NotScope ] [-D ### PolicyParameterNameObjectParameterSet ``` -Set-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +Set-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] [-Metadata ] -PolicyParameterObject [-AssignIdentity] [-Location ] [-EnforcementMode ] [-ApiVersion ] [-Pre] [-DefaultProfile ] [] @@ -31,7 +31,7 @@ Set-AzPolicyAssignment -Name -Scope [-NotScope ] [-D ### PolicyParameterNameStringParameterSet ``` -Set-AzPolicyAssignment -Name -Scope [-NotScope ] [-DisplayName ] +Set-AzPolicyAssignment -Name [-Scope ] [-NotScope ] [-DisplayName ] [-Description ] [-Metadata ] -PolicyParameter [-AssignIdentity] [-Location ] [-EnforcementMode ] [-ApiVersion ] [-Pre] [-DefaultProfile ] [] @@ -361,7 +361,7 @@ Type: System.String Parameter Sets: NameParameterSet, PolicyParameterNameObjectParameterSet, PolicyParameterNameStringParameterSet Aliases: -Required: True +Required: False Position: Named Default value: None Accept pipeline input: True (ByPropertyName)