HierarchyMap

TenantSummary

Download CSV semicolon | comma
Scope Scope Id Policy DisplayName PolicyId Category Effect Role definitions Unique assignments Used in PolicySets CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg ESJH Application Gateway should be deployed with WAF enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-appgw-without-waf Network Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub f28ba982-5ed0-4033-9bdf-e45e4b5df466 Create NSG Rule /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/4e7e976d-d94c-47a3-a534-392c641cecd8 CUST_NSG Fixed: append n/a 0 0 2021-05-18 18:01:38 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 2021-05-18 18:22:00 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH Deny the creation of private DNS /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones Network Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deny the creation of public IP /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicip Network Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deny vNet peering /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-erpeering Network Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy a default budget on subscriptions /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-budget Budget Fixed: DeployIfNotExists Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy an Azure DDoS Protection Standard plan /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-ddosprotection Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Security Center Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Security Admin 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security) 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Azure Firewall Manager policy in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-firewallpolicy Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log) 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for API Management to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for App Service to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Automation to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Batch to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Container Instances to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Container Registry to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Data Factory to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Databricks to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Firewall to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Front Door to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for HDInsight to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Key Vault to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for MariaDB to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Relay to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Search Services to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for SignalR to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy DNS Zone Group for Key Vault Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-keyvault-privateendpoint Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy DNS Zone Group for SQL Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-sql-privateendpoint Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-table-privateendpoint Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy DNS Zone Group for Storage-File Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-file-privateendpoint Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy DNS Zone Group for Storage-Queue Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-queue-privateendpoint Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-blob-privateendpoint Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy spoke network with configuration to hub network based on ipam configuration object /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 2021-01-10 20:57:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy SQL database auditing settings /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings SQL Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security) 2021-01-10 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy SQL Database security Alert Policies configuration with email admin accounts /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies SQL Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy SQL Database Transparent Data Encryption /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde SQL Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security) 2021-01-10 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy SQL Database vulnerability Assessments /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments SQL Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager, Monitoring Contributor 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy the configurations to the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-la-config Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 1 (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics) 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy the Virtual WAN in the specific region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vwan Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Virtual Hub network with Virtual Wan and Gateway and Firewall configured. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vhub Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Virtual Network to be used as hub virtual network in desired region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-hub Network Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy Windows Domain Join Extension with keyvault configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-windows-domainjoin Guest Configuration Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Virtual Machine Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploys NSG flow logs and traffic analytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-nsg-flowlogs Monitoring Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploys virtual network peering to hub /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet-hubspoke Network Fixed: deployIfNotExists Contributor 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH KeyVault SoftDelete should be enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/append-kv-softdelete Key Vault Fixed: append n/a 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH No child resources in Automation Account /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-aa-child-resources Automation Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access on AKS API should be disabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks Kubernetes Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access on Azure SQL Database should be disabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql SQL Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access onStorage accounts should be disabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage Storage Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access should be disabled for CosmosDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb SQL Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-15 15:15:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH Public network access should be disabled for KeyVault /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault Key Vault Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access should be disabled for MariaDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb SQL Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access should be disabled for MySQL /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql SQL Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access should be disabled for PostgreSql /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql SQL Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH RDP access from the Internet should be blocked /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Network Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet) 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Subnets should have a Network Security Group /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Network Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg) 0 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Download CSV semicolon | comma
Policy DisplayName PolicyId
KeyVault SoftDelete should be enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/append-kv-softdelete
No child resources in Automation Account /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-aa-child-resources
Application Gateway should be deployed with WAF enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-appgw-without-waf
Deny vNet peering /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-erpeering
Deny the creation of private DNS /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones
Deny the creation of public IP /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicip
Deploy a default budget on subscriptions /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-budget
Deploy an Azure DDoS Protection Standard plan /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-ddosprotection
Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-blob-privateendpoint
Deploy DNS Zone Group for Storage-File Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-file-privateendpoint
Deploy DNS Zone Group for Key Vault Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-keyvault-privateendpoint
Deploy DNS Zone Group for Storage-Queue Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-queue-privateendpoint
Deploy DNS Zone Group for SQL Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-sql-privateendpoint
Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-table-privateendpoint
Deploy Azure Firewall Manager policy in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-firewallpolicy
Deploy Virtual Network to be used as hub virtual network in desired region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-hub
Deploy the configurations to the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-la-config
Deploys NSG flow logs and traffic analytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-nsg-flowlogs
Deploy Virtual Hub network with Virtual Wan and Gateway and Firewall configured. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vhub
Deploy spoke network with configuration to hub network based on ipam configuration object /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet
Deploys virtual network peering to hub /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet-hubspoke
Deploy the Virtual WAN in the specific region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vwan
Deploy Windows Domain Join Extension with keyvault configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-windows-domainjoin
Create NSG Rule /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/4e7e976d-d94c-47a3-a534-392c641cecd8
Download CSV semicolon | comma
Scope ScopeId PolicySet DisplayName PolicySetId Category Unique assignments Policies used in PolicySet CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg ESJH Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Monitoring 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag) 55 (Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice), Deploy Diagnostic Settings for API Management to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt), Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm), Deploy Diagnostic Settings for App Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website), Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway), Deploy Diagnostic Settings for Automation to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa), Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore), Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function), Deploy Diagnostic Settings for Batch to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch), Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints), Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices), Deploy Diagnostic Settings for Container Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci), Deploy Diagnostic Settings for Container Registry to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr), Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb), Deploy Diagnostic Settings for Data Factory to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory), Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics), Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql), Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql), Deploy Diagnostic Settings for Databricks to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks), Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub), Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic), Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic), Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub), Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute), Deploy Diagnostic Settings for Firewall to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall), Deploy Diagnostic Settings for Front Door to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor), Deploy Diagnostic Settings for HDInsight to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight), Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub), Deploy Diagnostic Settings for Key Vault to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault), Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks), Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer), Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise), Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf), Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace), Deploy Diagnostic Settings for MariaDB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb), Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic), Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups), Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded), Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip), Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault), Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache), Deploy Diagnostic Settings for Relay to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay), Deploy Diagnostic Settings for Search Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices), Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus), Deploy Diagnostic Settings for SignalR to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr), Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs), Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools), Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi), Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics), Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights), Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager), Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss), Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm), Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork), Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw)) 2021-01-10 20:57:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy SQL Database built-in SQL security configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security SQL 0 4 (Deploy SQL database auditing settings (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings), Deploy SQL Database security Alert Policies configuration with email admin accounts (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies), Deploy SQL Database Transparent Data Encryption (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde), Deploy SQL Database vulnerability Assessments (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments)) 2021-01-10 20:57:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Public network access should be disabled for PAAS services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints Network 0 8 (Public network access on AKS API should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks), Public network access on Azure SQL Database should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql), Public network access onStorage accounts should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage), Public network access should be disabled for CosmosDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb), Public network access should be disabled for KeyVault (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault), Public network access should be disabled for MariaDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb), Public network access should be disabled for MySQL (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql), Public network access should be disabled for PostgreSql (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql)) 2021-01-10 20:57:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Download CSV semicolon | comma
PolicySet DisplayName PolicySetId
Public network access should be disabled for PAAS services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints
Deploy SQL Database built-in SQL security configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security

0 PolicySets / deprecated Built-in Policy

Download CSV semicolon | comma
Policy Assignment DisplayName Policy AssignmentId Policy/PolicySet PolicySet DisplayName PolicySetId Policy DisplayName PolicyId Deprecated Property
testDeprecatedAssignment /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d Policy n/a n/a [Deprecated]: Function App should only be accessible over HTTPS /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 True
Download CSV semicolon | comma
Mg/Sub Management Group Id Management Group Name SubscriptionId Subscription Name ResourceGroup ResourceName / ResourceType DisplayName Category ExpiresOn (UTC) Id Policy AssignmentId
MG ESJH-sandboxes ESJH-sandboxes ESJH-sandboxes - ASC-Monitoring Waiver expired 2021-02-04 23:00:00 /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/policyExemptions/02752b36ec214097999f6b9b /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone landingZone - ASC-Monitoring Waiver expired 2021-02-03 23:00:00 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/policyExemptions/95e48160397b4d21ac96d7ca /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring
Download CSV semicolon | comma
*Depending on the number of rows and your computer´s performance the table may respond with delay, download the csv for better filtering experience
Scope Management Group Id Management Group Name SubscriptionId Subscription Name Inheritance ScopeExcluded Exemption applies Policy/Set DisplayName Policy/Set Description Policy/SetId Policy/Set Type Category Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Assignment DisplayName Assignment Description AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg ESJH ESJH thisScope Mg false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 22 16 12 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 1 0 2 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 2 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 4 0 7 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH ESJH thisScope Mg false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 0 0 0 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Network interfaces should disable IP forwarding This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 Policy BuiltIn Network deny Default 0 0 0 0 0 none Deny-IP-Forwarding Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false RDP access from the Internet should be blocked This policy denies any network security rule that allows RDP access from Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Policy Custom Network Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Secure transfer to storage accounts should be enabled Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Policy BuiltIn Storage Audit Default 0 0 0 0 0 none Enforce-Secure-Storage Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-01-25 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Subnets should have a Network Security Group This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Policy Custom Network Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 Policy BuiltIn Kubernetes deployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 2021-01-10 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Auditing on SQL server should be enabled Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Policy BuiltIn SQL AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-Audit Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Policy BuiltIn Backup deployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 2021-01-10 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Deploy SQL DB transparent data encryption Enables transparent data encryption on SQL databases /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Policy BuiltIn SQL DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f) Deploy-SQL-Security Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 21 17 8 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 3 0 4 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 15 11 4 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 2 0 3 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-platform ESJH-platform inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 Joe Dalton 2021-05-05 19:52:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 n/a 2021-07-06 09:42:48 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA2 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 n/a 2021-07-06 10:32:34 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA3 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 n/a 2021-07-06 11:59:31 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 0 0 0 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policyassignments/aa4f4fdfd3b04fb3962a9da9 Joe Dalton 2021-07-15 15:16:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 Joe Dalton 2021-05-05 19:52:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 n/a 2021-07-06 09:42:48 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA2 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 n/a 2021-07-06 10:32:34 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA3 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 n/a 2021-07-06 11:59:31 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 0 0 0 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management thisScope Mg false false Deploy the Log Analytics in the subscription Deploys Log Analytics and Automation account to the subscription where the policy is assigned. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Policy Custom Monitoring DeployIfNotExists automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) Deploy-Log-Analytics Deploy-Log-Analytics /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics n/a 2021-01-10 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 15 11 4 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 2 0 3 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-management ESJH-management inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-management false false Deploy the Log Analytics in the subscription Deploys Log Analytics and Automation account to the subscription where the policy is assigned. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Policy Custom Monitoring DeployIfNotExists automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) Deploy-Log-Analytics Deploy-Log-Analytics /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics n/a 2021-01-10 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 15 11 4 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 2 0 3 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub false false Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. /providers/microsoft.authorization/policysetdefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 PolicySet BuiltIn Security Center n/a Default 0 0 0 0 0 none ASC DataProtection (subscription: f28ba982-5ed0-4033-9bdf-e45e4b5df466) This policy assignment was automatically created by Azure Security Center /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/dataprotectionsecuritycenter Security Center 2021-01-10 21:02:38 ObjectType: SP App EXT, ObjectDisplayName: Windows Azure Security Resource Provider, ObjectSignInName: n/a, ObjectId: 9ac4e379-ffb1-4e2c-ac89-3752d019abfd (rp)
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Network interfaces should disable IP forwarding This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 Policy BuiltIn Network deny Default 0 0 0 0 0 none Deny-IP-Forwarding Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false RDP access from the Internet should be blocked This policy denies any network security rule that allows RDP access from Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Policy Custom Network Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Secure transfer to storage accounts should be enabled Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Policy BuiltIn Storage Audit Default 0 0 0 0 0 none Enforce-Secure-Storage Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-01-25 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Subnets should have a Network Security Group This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Policy Custom Network Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 Policy BuiltIn Kubernetes deployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 2021-01-10 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Auditing on SQL server should be enabled Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Policy BuiltIn SQL AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-Audit Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Policy BuiltIn Backup deployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 2021-01-10 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption Enables transparent data encryption on SQL databases /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Policy BuiltIn SQL DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f) Deploy-SQL-Security Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 21 17 8 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 3 0 4 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-online ESJH-online inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Network interfaces should disable IP forwarding This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 Policy BuiltIn Network deny Default 0 0 0 0 0 none Deny-IP-Forwarding Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false RDP access from the Internet should be blocked This policy denies any network security rule that allows RDP access from Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Policy Custom Network Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones true false Secure transfer to storage accounts should be enabled Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Policy BuiltIn Storage Audit Default 0 0 0 0 0 none Enforce-Secure-Storage Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-01-25 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Subnets should have a Network Security Group This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Policy Custom Network Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 2021-01-10 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 Policy BuiltIn Kubernetes deployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 2021-01-10 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Auditing on SQL server should be enabled Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Policy BuiltIn SQL AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-Audit Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Policy BuiltIn Backup deployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 2021-01-10 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for AKS Engine and Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Policy BuiltIn Kubernetes deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption Enables transparent data encryption on SQL databases /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Policy BuiltIn SQL DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f) Deploy-SQL-Security Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 2021-01-10 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center n/a Default 21 17 8 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 2021-01-10 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Linux servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 3 0 4 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Configure Log Analytics agent on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics agent virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub false false [Deprecated]: Function App should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 Policy BuiltIn Security Center AuditIfNotExists Default 0 0 0 0 0 none testDeprecatedAssignment no description given /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d n/a 2021-07-18 15:09:28 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub false false Audit virtual machines without disaster recovery configured Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. /providers/microsoft.authorization/policydefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Policy BuiltIn Compute auditIfNotExists Default 0 0 0 0 0 none Audit virtual machines without disaster recovery configured no description given /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcee1466e4fc4114b5e5f03d Joe Dalton 2021-06-16 16:07:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub false false Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. /providers/microsoft.authorization/policysetdefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 PolicySet BuiltIn Security Center n/a Default 0 0 0 0 0 none ASC DataProtection (subscription: 4dfa3b56-55bf-4059-802a-24e44a4fb60f) This policy assignment was automatically created by Azure Security Center /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/dataprotectionsecuritycenter Security Center 2021-01-10 21:02:17 ObjectType: SP App EXT, ObjectDisplayName: Windows Azure Security Resource Provider, ObjectSignInName: n/a, ObjectId: 9ac4e379-ffb1-4e2c-ac89-3752d019abfd (rp)
Download CSV semicolon | comma
Role Name RoleId Assignable Scopes Data CreatedOn CreatedBy UpdatedOn UpdatedBy
CustRole_P_9982_176 6b44d6da-5658-444e-a36d-ce64b14011ab 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) false 2021-05-18 18:03:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 2021-05-18 18:23:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
CustRole_P_9982_178 fc14b032-e6e8-440b-a328-f55918e8c83e 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) false 2021-06-16 10:10:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Task4638Role 8808ebf9-4602-4635-a9b8-6c0f002695be 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) false 2021-01-25 22:22:09 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
testRole3366 f548f1ea-48f1-4a74-9061-b5dacacf514a 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) false 2021-07-18 15:22:38 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 2021-07-19 19:45:44 ObjectType: User Member, ObjectDisplayName: Jack Dalton, ObjectSignInName: JackDalton@AzGovViz.onmicrosoft.com, ObjectId: c64d2776-a210-428f-b54f-a4a5dd7f8ef8
testRole3367 f7028056-3a12-43ac-a499-0d1844a02240 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) false 2021-08-04 15:34:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
testRole3368 08a2d627-a94e-461e-8350-432b457d00a3 1 (/providers/microsoft.management/managementgroups/esjhdev) false 2021-08-04 15:36:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
Role Name RoleId Assignable Scopes
CustRole_P_9982_176 6b44d6da-5658-444e-a36d-ce64b14011ab 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466)
CustRole_P_9982_178 fc14b032-e6e8-440b-a328-f55918e8c83e 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466)
Task4638Role 8808ebf9-4602-4635-a9b8-6c0f002695be 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f)
testRole3366 f548f1ea-48f1-4a74-9061-b5dacacf514a 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f)
testRole3367 f7028056-3a12-43ac-a499-0d1844a02240 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466)
testRole3368 08a2d627-a94e-461e-8350-432b457d00a3 1 (/providers/microsoft.management/managementgroups/esjhdev)

0 Orphaned Role assignments (Tenant wide)

Download CSV semicolon | comma
*Depending on the number of rows and your computer´s performance the table may respond with delay, download the csv for better filtering experience
Scope Management Group Id Management Group Name SubscriptionId Subscription Name Assignment Scope Role Role Id Role Type Data Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
Ten 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH ESJH inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH ESJH inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHDEV ESJHDEV inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHDEV ESJHDEV inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/ESJHDEV/providers/Microsoft.Authorization/roleAssignments/983c43f8-1c29-4c73-9816-b69d38226be4 none 2021-07-06 13:09:24 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHQA ESJHQA inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHQA ESJHQA inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Security Reader 39bc4728-0917-49c7-9d2c-d95423bc2eb4 Builtin false group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group direct 0 (Usr: 0, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/e010f291-49a9-4d4b-be4d-55c6aeb164cd none 2021-08-06 09:30:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group indirect group05OneMemberGroupWithNoMembers (c57f8838-1603-4932-b3c4-9572feea9173) 1 (Usr: 0, Grp: 1, SP: 0) /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 2021-08-06 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false group05OneMemberGroupWithNoMembers n/a c57f8838-1603-4932-b3c4-9572feea9173 Group direct 1 (Usr: 0, Grp: 1, SP: 0) /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 2021-08-06 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 none 2021-07-06 10:02:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-decommissioned ESJH-decommissioned inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-decommissioned ESJH-decommissioned inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned thisScope MG Security Reader 39bc4728-0917-49c7-9d2c-d95423bc2eb4 Builtin false Jesse James Jesse.James@AzGovViz.onmicrosoft.com 6f71f3b7-98e1-4821-8116-13b41476ef84 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-decommissioned/providers/Microsoft.Authorization/roleAssignments/9bdf3098-8e69-4e98-bd8c-22b991783b10 none 2021-06-16 09:52:59 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-decommissioned/providers/Microsoft.Authorization/roleAssignments/81bb9ace-a96d-47ab-b9a2-8952e655aa0c none 2021-01-10 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-landingzones ESJH-landingzones inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-landingzones ESJH-landingzones inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 2021-01-10 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-landingzones ESJH-landingzones thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 2021-01-25 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 2021-01-25 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-platform ESJH-platform inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-platform ESJH-platform inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-platform/providers/Microsoft.Authorization/roleAssignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 2021-01-10 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-sandboxes ESJH-sandboxes inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-sandboxes ESJH-sandboxes inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/roleAssignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f none 2021-01-10 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-sandboxes ESJH-sandboxes thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/roleAssignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 none 2021-07-05 08:20:09 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/roleAssignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f none 2021-01-10 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/roleAssignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 none 2021-07-05 08:20:09 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Ten CUST_T5 CUST_T5 atz inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten CUST_T5 CUST_T5 atz inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/CUST_T5/providers/Microsoft.Authorization/roleAssignments/3c72bcce-6116-4d33-9f8a-927083beee40 none 2021-05-18 18:14:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management inherited ESJH-platform Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-platform/providers/Microsoft.Authorization/roleAssignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 2021-01-10 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-management ESJH-management inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-management ESJH-management inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/b95d2309-e3d0-5961-bef8-a3e75deca49a /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics (Deploy the Log Analytics in the subscription) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 none 2021-01-10 20:56:58 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-management Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/b95d2309-e3d0-5961-bef8-a3e75deca49a /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics (Deploy the Log Analytics in the subscription) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-management Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 none 2021-01-10 20:56:58 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-platform Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-platform/providers/Microsoft.Authorization/roleAssignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 2021-01-10 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
RG ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub RG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member direct /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourceGroups/NSG/providers/Microsoft.Authorization/roleAssignments/1fe0074e-959c-4d3e-9478-9dc99a34062a none 2021-05-18 17:59:58 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 2021-01-10 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 2021-01-25 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 2021-01-25 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-online ESJH-online inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-online ESJH-online inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-online/providers/Microsoft.Authorization/roleAssignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 2021-01-10 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 2021-06-16 13:58:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 2021-04-27 16:53:54 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 2021-01-10 21:00:49 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Linux servers) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Enable Azure Monitor for VMs) 2021-01-10 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Enable Azure Monitor for Virtual Machine Scale Sets) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics agent on Azure Arc enabled Windows servers) 2021-01-10 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 2021-01-10 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 2021-01-10 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 2021-01-10 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 2021-01-10 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 2021-01-25 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 2021-01-25 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-online Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-online/providers/Microsoft.Authorization/roleAssignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 2021-01-10 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 2021-01-10 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 none 2021-01-10 20:51:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect group03 (e2390190-219f-419f-bdfa-a9f5cc3698cc) 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 2021-07-21 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/70e14253-25d3-447f-9356-ac32985062a4 none 2021-07-19 19:31:24 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false group03 n/a e2390190-219f-419f-bdfa-a9f5cc3698cc Group direct 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 2021-07-21 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Monitoring Reader 43d0d8ad-25c7-4714-9337-8ba259a9fe05 Builtin false Jolly Jumper JollyJumper@AzGovViz.onmicrosoft.com 192ff2e5-52de-4c93-b220-f9ced74068b0 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/79041f69-fb87-4da7-8676-6431f7ad43a8 none 2021-01-25 22:11:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Tag Contributor 4a9ae827-6dc8-4573-8ac7-8239d42aa03f Builtin false Tag Bert TagBert@AzGovViz.onmicrosoft.com 9e1643fe-b887-4a53-9071-56801236f719 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/1dd61049-04b7-4058-af49-01f9b83159b2 none 2021-07-22 08:57:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/2754101a-9df1-48e7-ae2a-836f23710ed7 none 2021-07-19 19:43:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/68463d6a-5bd9-4d2b-8607-cb12a73d3c53 none 2021-05-13 12:05:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false group00 n/a c1916fdd-08d8-439e-a329-d540c6f002a8 Group direct 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 2021-05-15 06:39:30 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false group01 n/a 66f4e0b3-13af-4c93-ad43-67042ed760e5 Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 2021-05-15 06:39:30 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false group02 n/a 903a7f87-c183-4962-8983-c793a77f18bf Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 2021-05-15 06:39:30 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false user00 user00@AzGovViz.onmicrosoft.com 05687e51-8ebb-4a06-9eae-9e9786f79090 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 2021-05-15 06:39:30 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false user01 user01@AzGovViz.onmicrosoft.com 7dd8e665-9277-4bbb-94f9-ff278ceff8c0 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 2021-05-15 06:39:30 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false user02 user02@AzGovViz.onmicrosoft.com cb317eea-8af2-4cb8-bde5-516e0b951f1b User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 2021-05-15 06:39:30 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 2021-05-15 06:39:30 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
Classic Role Name Identity Identity Type Subscriptions
ServiceAdministrator;AccountAdministrator its.joe.dalton@azgovviz.net User 2

0 Custom Role definitions Owner permissions (Tenant wide)

Download CSV semicolon | comma
Role Name RoleId Role Assignment ServicePrincipal (ObjId) Impacted Mg/Sub
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b AzOps (c295384a-33d9-475e-abaf-d2fb0274299a) Mg: 11; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f Enforce-SQL-Encryption (34520a11-7b14-46a8-ac34-7d766959460a) Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345 Deploy-AKS-Policy (fb0a7498-393f-434d-aa93-2acd144f489f) Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 Deploy-VM-Backup (e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 Deploy-SQL-DB-Auditing (4f3a2551-ea2f-43c6-9623-8950156d19b7) Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/b95d2309-e3d0-5961-bef8-a3e75deca49a Deploy-Log-Analytics (2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 Deploy-VMSS-Monitoring (a3a4908f-b068-455e-a3f5-38cc5e00448f) Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed Deploy-WS-Arc-Monitoring (b0bdcb08-09c9-4d9d-957e-963d255e7220) Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc Deploy-Resource-Diag (e51576ad-748d-462b-9d70-cb3b03e6c2e6) Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf Deploy-ASC-Security (4cb4c797-237b-4e64-b2cf-66f841700442) Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 Deploy-VM-Monitoring (065dde0b-5eab-4fce-80ee-ec956e94c498) Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf Deploy-LX-Arc-Monitoring (9ed01b2b-9311-41a8-8897-0a329047be49) Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e Deploy-AzActivity-Log (1691aa06-da2e-43f0-98f9-af12494603a9) Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJHDEV/providers/Microsoft.Authorization/roleAssignments/983c43f8-1c29-4c73-9816-b69d38226be4 AzOps (c295384a-33d9-475e-abaf-d2fb0274299a) Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 AzOps (c295384a-33d9-475e-abaf-d2fb0274299a) Mg: 1; Sub: 0
Download CSV semicolon | comma
Role Name RoleId Role Assignment Obj Type Obj DisplayName Obj SignInName ObjId Impacted Mg/Sub
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Authorization/roleAssignments/6c236776-529f-4132-b034-e399e1cd1a99 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 11; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b ServicePrincipal AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a Mg: 11; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 11; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/CUST_T5/providers/Microsoft.Authorization/roleAssignments/3c72bcce-6116-4d33-9f8a-927083beee40 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-decommissioned/providers/Microsoft.Authorization/roleAssignments/81bb9ace-a96d-47ab-b9a2-8952e655aa0c User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f ServicePrincipal Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345 ServicePrincipal Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 ServicePrincipal Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 ServicePrincipal Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/b95d2309-e3d0-5961-bef8-a3e75deca49a ServicePrincipal Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-online/providers/Microsoft.Authorization/roleAssignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-platform/providers/Microsoft.Authorization/roleAssignments/243cb616-b890-4197-bc2e-98b966ba39f5 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/roleAssignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 2; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 ServicePrincipal Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed ServicePrincipal Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc ServicePrincipal Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf ServicePrincipal Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 ServicePrincipal Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf ServicePrincipal Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e ServicePrincipal Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 8; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJHDEV/providers/Microsoft.Authorization/roleAssignments/983c43f8-1c29-4c73-9816-b69d38226be4 ServicePrincipal AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 ServicePrincipal AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/2754101a-9df1-48e7-ae2a-836f23710ed7 User Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 Mg: 0; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/68463d6a-5bd9-4d2b-8607-cb12a73d3c53 User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 0; Sub: 1
Download CSV semicolon | comma
Role Name RoleId Role Assignment Obj Type Obj DisplayName Obj SignInName ObjId Impacted Mg/Sub
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /providers/Microsoft.Authorization/roleAssignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 11; Sub: 2
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/70e14253-25d3-447f-9356-ac32985062a4 User Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 Mg: 0; Sub: 1
Download CSV semicolon | comma
Role Name RoleId Role Assignment Obj Type Obj DisplayName Obj SignInName ObjId Assignment direct/indirect
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 User Guest Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 indirect / AAD Group Membership 'group03 (e2390190-219f-419f-bdfa-a9f5cc3698cc)'
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/70e14253-25d3-447f-9356-ac32985062a4 User Guest Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 direct

0 Blueprint definitions

0 Blueprint assignments

0 Orphaned Blueprint definitions

Download CSV semicolon | comma
Level ManagementGroup ManagementGroup Id Mg children (total) Mg children (direct) Sub children (total) Sub children (direct) MG ASC Score Cost (1d) Path
0 Tenant Root Group 896470ca-9c6e-4176-9b38-5a655403c638 10 3 2 0 0.004383895968 EUR generated by 4 Resources (2 ResourceTypes) in 2 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638
1 ESJH ESJH 7 4 2 0 0.004383895968 EUR generated by 4 Resources (2 ResourceTypes) in 2 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH
1 ESJHDEV ESJHDEV 0 0 0 0 no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJHDEV
1 ESJHQA ESJHQA 0 0 0 0 no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJHQA
2 ESJH-decommissioned ESJH-decommissioned 0 0 0 0 no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-decommissioned
2 ESJH-landingzones ESJH-landingzones 1 1 1 0 0.001138877568 EUR generated by 3 Resources (2 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones
2 ESJH-platform ESJH-platform 1 1 1 0 0.0032450184 EUR generated by 1 Resources (1 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform
2 ESJH-sandboxes ESJH-sandboxes 1 1 0 0 no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes
3 CUST_T5 atz CUST_T5 0 0 0 0 no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes/CUST_T5
3 ESJH-management ESJH-management 0 0 1 1 0.0032450184 EUR generated by 1 Resources (1 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management
3 ESJH-online ESJH-online 0 0 1 1 0.001138877568 EUR generated by 3 Resources (2 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online

Hierarchy Settings | Default Management Group Id: 'ESJH-online' docs

Hierarchy Settings | Require authorization for Management Group creation: 'False' docs

Supported Microsoft Azure offers docs
Understand ASC Secure Score Video , Blog , docs
Download CSV semicolon | comma
Subscription SubscriptionId QuotaId Tags ASC Score Cost (1d) Currency Path
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f PayAsYouGo_2014-09-01 'costCenter':'4711', 'existingtag':'blaaa', 'testtag':'testvalue5', 'testtag2':'blub' n/a 0.001138877568 EUR 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 PayAsYouGo_2014-09-01 'costCenter':'4876' 4 of 14 points 0.0032450184 EUR 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466

0 Subscriptions out-of-scope

Resource naming and tagging decision guide docs
Download CSV semicolon | comma
Scope TagName Count
AllScopes costCenter 3
AllScopes existingtag 4
AllScopes ms-resource-usage 1
AllScopes Responsible 3
AllScopes tagKey1 2
AllScopes tagKey2 2
AllScopes testtag 3
AllScopes testtag2 4
AllScopes testtagbase 1
Resource costCenter 1
Resource existingtag 2
Resource ms-resource-usage 1
Resource Responsible 2
Resource tagKey1 2
Resource tagKey2 2
Resource testtag 1
Resource testtag2 2
Resource testtagbase 1
ResourceGroup existingtag 1
ResourceGroup Responsible 1
ResourceGroup testtag 1
ResourceGroup testtag2 1
Subscription costCenter 2
Subscription existingtag 1
Subscription testtag 1
Subscription testtag2 1
Download CSV semicolon | comma
ResourceType Resource Count
microsoft.automation/automationaccounts 1
microsoft.automation/automationaccounts/runbooks 1
microsoft.keyvault/vaults 1
microsoft.managedidentity/userassignedidentities 1
microsoft.network/networksecuritygroups 4
microsoft.network/networkwatchers 1
microsoft.network/virtualnetworks 1
microsoft.operationalinsights/workspaces 1
microsoft.operationsmanagement/solutions 10
microsoft.storage/storageaccounts 2
Download CSV semicolon | comma
ResourceType Location Resource Count
microsoft.automation/automationaccounts westeurope 1
microsoft.automation/automationaccounts/runbooks westeurope 1
microsoft.keyvault/vaults westeurope 1
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups westeurope 3
microsoft.network/networkwatchers westeurope 1
microsoft.network/virtualnetworks westeurope 1
microsoft.operationalinsights/workspaces westeurope 1
microsoft.operationsmanagement/solutions westeurope 10
microsoft.storage/storageaccounts northeurope 1
microsoft.storage/storageaccounts westeurope 1
Download CSV semicolon | comma
Provider Registered Registering NotRegistered Unregistering
84codes.CloudAMQP 1 0 1 0
Crypteron.DataSecurity 0 1 1 0
Dynatrace.Observability 0 0 2 0
Microsoft.AAD 1 0 1 0
microsoft.aadiam 1 0 1 0
Microsoft.Addons 1 0 1 0
Microsoft.ADHybridHealthService 2 0 0 0
Microsoft.Advisor 1 0 1 0
Microsoft.AgFoodPlatform 1 0 1 0
Microsoft.AISupercomputer 1 0 1 0
Microsoft.AlertsManagement 1 0 1 0
Microsoft.AnalysisServices 1 0 1 0
Microsoft.AnyBuild 1 0 1 0
Microsoft.ApiManagement 1 0 1 0
Microsoft.AppAssessment 1 0 1 0
Microsoft.AppConfiguration 1 0 1 0
Microsoft.AppPlatform 1 0 1 0
Microsoft.Attestation 1 0 1 0
Microsoft.Authorization 2 0 0 0
Microsoft.Automanage 1 0 1 0
Microsoft.Automation 2 0 0 0
Microsoft.AutonomousDevelopmentPlatform 1 0 1 0
Microsoft.AutonomousSystems 1 0 1 0
Microsoft.AVS 1 0 1 0
Microsoft.AzureActiveDirectory 1 0 1 0
Microsoft.AzureArcData 1 0 1 0
Microsoft.AzureCIS 1 0 1 0
Microsoft.AzureData 1 0 1 0
Microsoft.AzurePercept 0 0 2 0
Microsoft.AzureSphere 0 1 1 0
Microsoft.AzureStack 1 0 1 0
Microsoft.AzureStackHCI 1 0 1 0
Microsoft.BareMetalInfrastructure 1 0 1 0
Microsoft.Batch 1 0 1 0
Microsoft.Billing 2 0 0 0
Microsoft.Bing 1 0 1 0
Microsoft.Blockchain 1 0 1 0
Microsoft.BlockchainTokens 1 0 1 0
Microsoft.Blueprint 1 0 1 0
Microsoft.BotService 1 0 1 0
Microsoft.Cache 1 0 1 0
Microsoft.Capacity 1 0 1 0
Microsoft.Cascade 1 0 1 0
Microsoft.Cdn 1 0 1 0
Microsoft.CertificateRegistration 1 0 1 0
Microsoft.ChangeAnalysis 1 0 1 0
Microsoft.Chaos 1 0 1 0
Microsoft.ClassicCompute 1 0 1 0
Microsoft.ClassicInfrastructureMigrate 1 0 1 0
Microsoft.ClassicNetwork 1 0 1 0
Microsoft.ClassicStorage 1 0 1 0
Microsoft.ClassicSubscription 2 0 0 0
Microsoft.CloudTest 0 0 2 0
Microsoft.CodeSigning 0 0 2 0
Microsoft.Codespaces 1 0 1 0
Microsoft.CognitiveServices 1 0 1 0
Microsoft.Commerce 2 0 0 0
Microsoft.Communication 1 0 1 0
Microsoft.Compute 1 0 1 0
Microsoft.ConfidentialLedger 1 0 1 0
Microsoft.Confluent 1 0 1 0
Microsoft.ConnectedCache 1 0 1 0
Microsoft.ConnectedVehicle 1 0 1 0
Microsoft.ConnectedVMwarevSphere 1 0 1 0
Microsoft.Consumption 2 0 0 0
Microsoft.ContainerInstance 1 0 1 0
Microsoft.ContainerRegistry 1 0 1 0
Microsoft.ContainerService 1 0 1 0
Microsoft.CostManagement 2 0 0 0
Microsoft.CostManagementExports 1 0 1 0
Microsoft.CustomerLockbox 1 0 1 0
Microsoft.CustomProviders 1 0 1 0
Microsoft.D365CustomerInsights 1 0 1 0
Microsoft.Dashboard 0 0 2 0
Microsoft.DataBox 1 0 1 0
Microsoft.DataBoxEdge 1 0 1 0
Microsoft.Databricks 1 0 1 0
Microsoft.DataCatalog 1 0 1 0
Microsoft.DataCollaboration 1 0 1 0
Microsoft.Datadog 1 0 1 0
Microsoft.DataFactory 1 0 1 0
Microsoft.DataLakeAnalytics 1 0 1 0
Microsoft.DataLakeStore 1 0 1 0
Microsoft.DataMigration 1 0 1 0
Microsoft.DataProtection 1 0 1 0
Microsoft.DataShare 1 0 1 0
Microsoft.DBforMariaDB 1 0 1 0
Microsoft.DBforMySQL 1 0 1 0
Microsoft.DBforPostgreSQL 1 0 1 0
Microsoft.DelegatedNetwork 1 0 1 0
Microsoft.DeploymentManager 1 0 1 0
Microsoft.DesktopVirtualization 1 0 1 0
Microsoft.Devices 1 0 1 0
Microsoft.DeviceUpdate 1 0 1 0
Microsoft.DevOps 1 0 1 0
Microsoft.DevTestLab 1 0 1 0
Microsoft.Diagnostics 1 0 1 0
Microsoft.DigitalTwins 1 0 1 0
Microsoft.DocumentDB 1 0 1 0
Microsoft.DomainRegistration 1 0 1 0
Microsoft.EdgeOrder 0 0 2 0
Microsoft.Elastic 1 0 1 0
Microsoft.EnterpriseKnowledgeGraph 0 1 1 0
Microsoft.EventGrid 1 0 1 0
Microsoft.EventHub 1 0 1 0
Microsoft.Experimentation 1 0 1 0
Microsoft.ExtendedLocation 1 0 1 0
Microsoft.Falcon 1 0 1 0
Microsoft.Features 2 0 0 0
Microsoft.Fidalgo 0 0 2 0
Microsoft.FluidRelay 0 0 2 0
Microsoft.GuestConfiguration 2 0 0 0
Microsoft.HanaOnAzure 1 0 1 0
Microsoft.HardwareSecurityModules 1 0 1 0
Microsoft.HDInsight 1 0 1 0
Microsoft.HealthBot 1 0 1 0
Microsoft.HealthcareApis 1 0 1 0
Microsoft.HybridCompute 1 0 1 0
Microsoft.HybridData 1 0 1 0
Microsoft.HybridNetwork 1 0 1 0
Microsoft.ImportExport 1 0 1 0
Microsoft.IndustryDataLifecycle 1 0 1 0
microsoft.insights 2 0 0 0
Microsoft.IntelligentITDigitalTwin 1 0 1 0
Microsoft.IoTCentral 1 0 1 0
Microsoft.IoTSecurity 1 0 1 0
Microsoft.KeyVault 1 0 1 0
Microsoft.Kubernetes 1 0 1 0
Microsoft.KubernetesConfiguration 1 0 1 0
Microsoft.Kusto 1 0 1 0
Microsoft.LabServices 1 0 1 0
Microsoft.Logic 1 0 1 0
Microsoft.Logz 1 0 1 0
Microsoft.MachineLearning 1 0 1 0
Microsoft.MachineLearningServices 1 0 1 0
Microsoft.Maintenance 1 0 1 0
Microsoft.ManagedIdentity 1 0 1 0
Microsoft.ManagedServices 1 0 1 0
Microsoft.Management 2 0 0 0
Microsoft.Maps 1 0 1 0
Microsoft.Marketplace 1 0 1 0
Microsoft.MarketplaceApps 1 0 1 0
Microsoft.MarketplaceNotifications 0 0 2 0
Microsoft.MarketplaceOrdering 2 0 0 0
Microsoft.Media 1 0 1 0
Microsoft.Migrate 1 0 1 0
Microsoft.MixedReality 1 0 1 0
Microsoft.MobileNetwork 0 0 2 0
Microsoft.NetApp 1 0 1 0
Microsoft.Network 2 0 0 0
Microsoft.NotificationHubs 1 0 1 0
Microsoft.ObjectStore 1 0 1 0
Microsoft.OffAzure 1 0 1 0
Microsoft.OpenLogisticsPlatform 1 0 1 0
Microsoft.OperationalInsights 2 0 0 0
Microsoft.OperationsManagement 2 0 0 0
Microsoft.Peering 1 0 1 0
Microsoft.PolicyInsights 2 0 0 0
Microsoft.Portal 2 0 0 0
Microsoft.PowerBI 1 0 1 0
Microsoft.PowerBIDedicated 1 0 1 0
Microsoft.PowerPlatform 1 0 1 0
Microsoft.ProjectBabylon 1 0 1 0
Microsoft.ProviderHub 1 0 1 0
Microsoft.Purview 1 0 1 0
Microsoft.Quantum 1 0 1 0
Microsoft.Quota 0 0 2 0
Microsoft.RecommendationsService 1 0 1 0
Microsoft.RecoveryServices 1 0 1 0
Microsoft.RedHatOpenShift 1 0 1 0
Microsoft.Relay 1 0 1 0
Microsoft.ResourceConnector 1 0 1 0
Microsoft.ResourceGraph 2 0 0 0
Microsoft.ResourceHealth 1 0 1 0
Microsoft.Resources 2 0 0 0
Microsoft.SaaS 1 0 1 0
Microsoft.Scheduler 0 1 1 0
Microsoft.Scom 0 0 2 0
Microsoft.ScVmm 1 0 1 0
Microsoft.Search 1 0 1 0
Microsoft.Security 2 0 0 0
Microsoft.SecurityDetonation 1 0 1 0
Microsoft.SecurityInsights 1 0 1 0
Microsoft.SerialConsole 2 0 0 0
Microsoft.ServiceBus 1 0 1 0
Microsoft.ServiceFabric 1 0 1 0
Microsoft.ServiceFabricMesh 1 0 1 0
Microsoft.ServiceLinker 1 0 1 0
Microsoft.ServicesHub 1 0 1 0
Microsoft.SignalRService 1 0 1 0
Microsoft.Singularity 1 0 1 0
Microsoft.SoftwarePlan 1 0 1 0
Microsoft.Solutions 1 0 1 0
Microsoft.Sql 1 0 1 0
Microsoft.SqlVirtualMachine 1 0 1 0
Microsoft.Storage 1 0 1 0
Microsoft.StorageCache 1 0 1 0
Microsoft.StoragePool 1 0 1 0
Microsoft.StorageSync 1 0 1 0
Microsoft.StorSimple 1 0 1 0
Microsoft.StreamAnalytics 1 0 1 0
Microsoft.Subscription 1 0 1 0
microsoft.support 2 0 0 0
Microsoft.Synapse 1 0 1 0
Microsoft.TestBase 1 0 1 0
Microsoft.TimeSeriesInsights 1 0 1 0
Microsoft.VideoIndexer 0 0 2 0
Microsoft.VirtualMachineImages 1 0 1 0
microsoft.visualstudio 1 0 1 0
Microsoft.VMware 1 0 1 0
Microsoft.VMwareCloudSimple 1 0 1 0
Microsoft.VSOnline 1 0 1 0
Microsoft.Web 1 0 1 0
Microsoft.WindowsESU 1 0 1 0
Microsoft.WindowsIoT 1 0 1 0
Microsoft.WorkloadBuilder 1 0 1 0
Microsoft.WorkloadMonitor 1 0 1 0
NGINX.NGINXPLUS 0 0 2 0
Paraleap.CloudMonix 1 0 1 0
Pokitdok.Platform 0 1 1 0
RavenHq.Db 1 0 1 0
Raygun.CrashReporting 1 0 1 0
Sendgrid.Email 1 0 1 0
Wandisco.Fusion 1 0 1 0
Download CSV semicolon | comma
Mg Name MgId Subscription Name SubscriptionId Provider State
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 84codes.CloudAMQP Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Crypteron.DataSecurity Registering
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Dynatrace.Observability NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AAD Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.aadiam Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Addons Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ADHybridHealthService Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Advisor Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AgFoodPlatform Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AISupercomputer Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AlertsManagement Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AnalysisServices Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AnyBuild Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ApiManagement Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AppAssessment Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AppConfiguration Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AppPlatform Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Attestation Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Authorization Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Automanage Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Automation Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AutonomousDevelopmentPlatform Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AutonomousSystems Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AVS Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureActiveDirectory Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureArcData Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureCIS Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureData Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzurePercept NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureSphere Registering
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureStack Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureStackHCI Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BareMetalInfrastructure Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Batch Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Billing Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Bing Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Blockchain Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BlockchainTokens Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Blueprint Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BotService Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Cache Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Capacity Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Cascade Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Cdn Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CertificateRegistration Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ChangeAnalysis Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Chaos Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicCompute Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicInfrastructureMigrate Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicNetwork Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicStorage Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicSubscription Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CloudTest NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CodeSigning NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Codespaces Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CognitiveServices Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Commerce Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Communication Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Compute Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConfidentialLedger Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Confluent Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConnectedCache Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConnectedVehicle Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConnectedVMwarevSphere Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Consumption Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ContainerInstance Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ContainerRegistry Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ContainerService Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CostManagement Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CostManagementExports Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CustomerLockbox Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CustomProviders Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.D365CustomerInsights Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Dashboard NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataBox Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataBoxEdge Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Databricks Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataCatalog Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataCollaboration Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Datadog Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataFactory Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataLakeAnalytics Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataLakeStore Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataMigration Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataProtection Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataShare Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DBforMariaDB Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DBforMySQL Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DBforPostgreSQL Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DelegatedNetwork Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DeploymentManager Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DesktopVirtualization Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Devices Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DeviceUpdate Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DevOps Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DevTestLab Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Diagnostics Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DigitalTwins Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DocumentDB Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DomainRegistration Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EdgeOrder NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Elastic Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EnterpriseKnowledgeGraph Registering
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EventGrid Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EventHub Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Experimentation Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ExtendedLocation Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Falcon Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Features Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Fidalgo NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.FluidRelay NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.GuestConfiguration Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HanaOnAzure Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HardwareSecurityModules Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HDInsight Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HealthBot Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HealthcareApis Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridCompute Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridData Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridNetwork Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ImportExport Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IndustryDataLifecycle Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.insights Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IntelligentITDigitalTwin Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IoTCentral Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IoTSecurity Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.KeyVault Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Kubernetes Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.KubernetesConfiguration Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Kusto Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.LabServices Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Logic Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Logz Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MachineLearning Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MachineLearningServices Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Maintenance Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ManagedIdentity Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ManagedServices Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Management Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Maps Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Marketplace Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MarketplaceApps Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MarketplaceNotifications NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MarketplaceOrdering Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Media Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Migrate Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MixedReality Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MobileNetwork NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.NetApp Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Network Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.NotificationHubs Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ObjectStore Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OffAzure Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OpenLogisticsPlatform Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OperationalInsights Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OperationsManagement Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Peering Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PolicyInsights Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Portal Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PowerBI Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PowerBIDedicated Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PowerPlatform Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ProjectBabylon Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ProviderHub Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Purview Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Quantum Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Quota NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.RecommendationsService Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.RecoveryServices Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.RedHatOpenShift Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Relay Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ResourceConnector Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ResourceGraph Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ResourceHealth Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Resources Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SaaS Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Scheduler Registering
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Scom NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ScVmm Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Search Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Security Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SecurityDetonation Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SecurityInsights Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SerialConsole Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceBus Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceFabric Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceFabricMesh Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceLinker Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServicesHub Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SignalRService Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Singularity Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SoftwarePlan Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Solutions Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Sql Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SqlVirtualMachine Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Storage Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StorageCache Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StoragePool Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StorageSync Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StorSimple Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StreamAnalytics Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Subscription Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.support Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Synapse Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.TestBase Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.TimeSeriesInsights Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VideoIndexer NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VirtualMachineImages Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.visualstudio Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VMware Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VMwareCloudSimple Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VSOnline Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Web Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WindowsESU Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WindowsIoT Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WorkloadBuilder Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WorkloadMonitor Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f NGINX.NGINXPLUS NotRegistered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Paraleap.CloudMonix Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Pokitdok.Platform Registering
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f RavenHq.Db Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Raygun.CrashReporting Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Sendgrid.Email Registered
ESJH-online ESJH-online landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f Wandisco.Fusion Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 84codes.CloudAMQP NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Crypteron.DataSecurity NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Dynatrace.Observability NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AAD NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.aadiam NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Addons NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ADHybridHealthService Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Advisor NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AgFoodPlatform NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AISupercomputer NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AlertsManagement NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AnalysisServices NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AnyBuild NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ApiManagement NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AppAssessment NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AppConfiguration NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AppPlatform NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Attestation NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Authorization Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Automanage NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Automation Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AutonomousDevelopmentPlatform NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AutonomousSystems NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AVS NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureActiveDirectory NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureArcData NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureCIS NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureData NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzurePercept NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureSphere NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureStack NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureStackHCI NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BareMetalInfrastructure NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Batch NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Billing Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Bing NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Blockchain NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BlockchainTokens NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Blueprint NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BotService NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Cache NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Capacity NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Cascade NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Cdn NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CertificateRegistration NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ChangeAnalysis NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Chaos NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicCompute NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicInfrastructureMigrate NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicNetwork NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicStorage NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicSubscription Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CloudTest NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CodeSigning NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Codespaces NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CognitiveServices NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Commerce Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Communication NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Compute NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConfidentialLedger NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Confluent NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConnectedCache NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConnectedVehicle NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConnectedVMwarevSphere NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Consumption Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ContainerInstance NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ContainerRegistry NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ContainerService NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CostManagement Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CostManagementExports NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CustomerLockbox NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CustomProviders NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.D365CustomerInsights NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Dashboard NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataBox NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataBoxEdge NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Databricks NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataCatalog NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataCollaboration NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Datadog NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataFactory NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataLakeAnalytics NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataLakeStore NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataMigration NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataProtection NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataShare NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DBforMariaDB NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DBforMySQL NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DBforPostgreSQL NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DelegatedNetwork NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DeploymentManager NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DesktopVirtualization NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Devices NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DeviceUpdate NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DevOps NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DevTestLab NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Diagnostics NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DigitalTwins NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DocumentDB NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DomainRegistration NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EdgeOrder NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Elastic NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EnterpriseKnowledgeGraph NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EventGrid NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EventHub NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Experimentation NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ExtendedLocation NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Falcon NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Features Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Fidalgo NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.FluidRelay NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.GuestConfiguration Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HanaOnAzure NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HardwareSecurityModules NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HDInsight NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HealthBot NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HealthcareApis NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridCompute NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridData NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridNetwork NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ImportExport NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IndustryDataLifecycle NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.insights Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IntelligentITDigitalTwin NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IoTCentral NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IoTSecurity NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.KeyVault NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Kubernetes NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.KubernetesConfiguration NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Kusto NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.LabServices NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Logic NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Logz NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MachineLearning NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MachineLearningServices NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Maintenance NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ManagedIdentity NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ManagedServices NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Management Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Maps NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Marketplace NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MarketplaceApps NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MarketplaceNotifications NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MarketplaceOrdering Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Media NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Migrate NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MixedReality NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MobileNetwork NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.NetApp NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Network Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.NotificationHubs NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ObjectStore NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OffAzure NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OpenLogisticsPlatform NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OperationalInsights Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OperationsManagement Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Peering NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PolicyInsights Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Portal Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PowerBI NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PowerBIDedicated NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PowerPlatform NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ProjectBabylon NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ProviderHub NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Purview NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Quantum NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Quota NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.RecommendationsService NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.RecoveryServices NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.RedHatOpenShift NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Relay NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ResourceConnector NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ResourceGraph Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ResourceHealth NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Resources Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SaaS NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Scheduler NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Scom NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ScVmm NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Search NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Security Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SecurityDetonation NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SecurityInsights NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SerialConsole Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceBus NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceFabric NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceFabricMesh NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceLinker NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServicesHub NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SignalRService NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Singularity NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SoftwarePlan NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Solutions NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Sql NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SqlVirtualMachine NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Storage NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StorageCache NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StoragePool NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StorageSync NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StorSimple NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StreamAnalytics NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Subscription NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.support Registered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Synapse NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.TestBase NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.TimeSeriesInsights NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VideoIndexer NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VirtualMachineImages NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.visualstudio NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VMware NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VMwareCloudSimple NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VSOnline NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Web NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WindowsESU NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WindowsIoT NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WorkloadBuilder NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WorkloadMonitor NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 NGINX.NGINXPLUS NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Paraleap.CloudMonix NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Pokitdok.Platform NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 RavenHq.Db NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Raygun.CrashReporting NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Sendgrid.Email NotRegistered
ESJH-management ESJH-management management f28ba982-5ed0-4033-9bdf-e45e4b5df466 Wandisco.Fusion NotRegistered
Considerations before applying locks docs
Lock scope Lock type presence
SubscriptionCannotDelete0 of 2 Subscriptions
SubscriptionReadOnly0 of 2 Subscriptions
ResourceGroupCannotDelete1 of 2 Subscriptions (total: 1)
ResourceGroupReadOnly0 of 2 Subscriptions (total: 0)
ResourceCannotDelete0 of 2 Subscriptions (total: 0)
ResourceReadOnly0 of 2 Subscriptions (total: 0)

Management Groups

Management Group Diagnostic Settings - Create Or Update - REST API docs
Download CSV semicolon | comma
Management Group Management Group Id Diagnostic setting Target TargetId Administrative Policy
ESJH-platform ESJH-platform mgDiag_ESJH-platform LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true
Management Group Diagnostic Settings - Create Or Update - REST API docs
Download CSV semicolon | comma
Management Group Management Group Id Management Group path
Tenant Root Group 896470ca-9c6e-4176-9b38-5a655403c638 896470ca-9c6e-4176-9b38-5a655403c638
ESJH ESJH 896470ca-9c6e-4176-9b38-5a655403c638/ESJH
ESJH-decommissioned ESJH-decommissioned 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-decommissioned
ESJH-landingzones ESJH-landingzones 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones
ESJH-online ESJH-online 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online
ESJH-management ESJH-management 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management
ESJH-sandboxes ESJH-sandboxes 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes
CUST_T5 atz CUST_T5 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes/CUST_T5
ESJHDEV ESJHDEV 896470ca-9c6e-4176-9b38-5a655403c638/ESJHDEV
ESJHQA ESJHQA 896470ca-9c6e-4176-9b38-5a655403c638/ESJHQA

Subscriptions

Create diagnostic setting docs
Download CSV semicolon | comma
Subscription SubscriptionId Path Diagnostic setting Target TargetId Administrative Alert Autoscale Policy Recommendation ResourceHealth Security ServiceHealth
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true

All Subscriptions are configured for Diagnostic settings docs

Resources

Create Custom Policies for Azure ResourceTypes that support Diagnostics Logs and Metrics Create-AzDiagPolicy
Supported categories for Azure Resource Logs docs
Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.automation/automationaccounts 1 True True True JobLogs, JobStreams, DscNodeStatus
microsoft.automation/automationaccounts/runbooks 1 False False False
microsoft.keyvault/vaults 1 True True True AuditEvent
microsoft.managedidentity/userassignedidentities 1 False False False
microsoft.network/networksecuritygroups 4 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 1 False False False
microsoft.network/virtualnetworks 1 True True True VMProtectionAlerts
microsoft.operationalinsights/workspaces 1 True True True Audit
microsoft.operationsmanagement/solutions 10 False False False
microsoft.storage/storageaccounts 2 True True False
Create Custom Policies for Azure ResourceTypes that support Diagnostics Logs and Metrics Create-AzDiagPolicy
Supported categories for Azure Resource Logs docs
Priority Recommendation ResourceType Resource Count Diagnostics capable (logs) Policy Id Policy DisplayName Role definitions Target Log Categories not covered by Policy Policy assignments Policy used in PolicySet PolicySet assignments
2-Medium Create diagnostics policy for this ResourceType. To verify GA check docs microsoft.operationalinsights/workspaces 0 yes n/a n/a n/a n/a n/a n/a n/a n/a
4-Low no recommendation Microsoft.Automation/automationAccounts 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa Deploy Diagnostic Settings for Automation to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation Microsoft.KeyVault/vaults 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault Deploy Diagnostic Settings for Key Vault to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation Microsoft.Network/networkSecurityGroups 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation Microsoft.Network/virtualNetworks 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.AnalysisServices/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ApiManagement/service 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt Deploy Diagnostic Settings for API Management to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Batch/batchAccounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch Deploy Diagnostic Settings for Batch to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Cdn/profiles/endpoints 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.CognitiveServices/accounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ContainerRegistry/registries 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr Deploy Diagnostic Settings for Container Registry to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ContainerService/managedClusters 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Databricks/workspaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks Deploy Diagnostic Settings for Databricks to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DataFactory/factories 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory Deploy Diagnostic Settings for Data Factory to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DataLakeAnalytics/accounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DataLakeStore/accounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DBforMariaDB/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb Deploy Diagnostic Settings for MariaDB to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DBforMySQL/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DBforPostgreSQL/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Devices/IotHubs 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DocumentDB/databaseAccounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.EventGrid/systemTopics 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.EventGrid/topics 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.EventHub/namespaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Logic/integrationAccounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Logic/workflows 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.MachineLearningServices/workspaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/applicationGateways 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/azureFirewalls 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall Deploy Diagnostic Settings for Firewall to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/expressRouteCircuits 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/frontDoors 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor Deploy Diagnostic Settings for Front Door to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/loadBalancers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/publicIPAddresses 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/trafficManagerProfiles 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/virtualNetworkGateways 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.PowerBIDedicated/capacities 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.RecoveryServices/vaults 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Relay/namespaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay Deploy Diagnostic Settings for Relay to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Search/searchServices 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices Deploy Diagnostic Settings for Search Services to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ServiceBus/namespaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.SignalRService/SignalR 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr Deploy Diagnostic Settings for SignalR to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Sql/managedInstances 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Sql/servers/databases 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.StreamAnalytics/streamingjobs 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.TimeSeriesInsights/environments 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Web/sites 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website Deploy Diagnostic Settings for App Service to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Web/sites 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]

Tenant

PolicySet definitions: 3/2500 docs

Custom Role definitions: 6/5000 docs

Management Groups

0 Management Groups approaching Limit (200) for PolicyAssignment docs

0 Management Groups approaching Limit (500) for Policy Scope docs

0 Management Groups approaching Limit (200) for PolicySet Scope docs

0 Management Groups approaching Limit (500) for RoleAssignment docs

Subscriptions

Azure Subscription Resource Group Limit docs
Download CSV semicolon | comma
Subscription SubscriptionId Limit
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 80,92 % (793/980)

0 Subscriptions approaching Limit (50) for Tags docs

0 Subscriptions approaching Limit (200) for PolicyAssignment docs

0 Subscriptions approaching Limit (500) for Policy Scope docs

0 Subscriptions approaching Limit (200) for PolicySet Scope docs

0 Subscriptions approaching Limit (2000) for RoleAssignment docs

Demystifying Service Principals - Managed Identities devBlogs
John Savill - Azure AD App Registrations, Enterprise Apps and Service Principals YouTube

No ServicePrincipals where the API returned 'Request_ResourceNotFound'

No Applications where the API returned 'Request_ResourceNotFound'

Download CSV semicolon | comma
ApplicationId DisplayName SP ObjectId Usage Usage info Policy assignment details Role assignments
addfa80f-9a88-4563-a159-3c299bb4c7d8 Deploy-VM-Monitoring 065dde0b-5eab-4fce-80ee-ec956e94c498 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring BuiltIn PolicySet: Enable Azure Monitor for VMs (55f3eceb-5573-4f18-9695-226972c6d74a) 1 (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 (Owner))
59fea0c9-4279-46f2-b2ad-1103e264e964 Deploy-AzActivity-Log 1691aa06-da2e-43f0-98f9-af12494603a9 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log Custom Policy: Deploy Diagnostic Settings for Activity Log to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog) 1 (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/e5ac6b58-4f31-5956-9082-78d97ba2453e (Owner))
7b43e7f6-bcb5-4836-8d1f-b624b2714be0 Deploy-Log-Analytics 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics Custom Policy: Deploy the Log Analytics in the subscription (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics) 1 (/providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/roleAssignments/b95d2309-e3d0-5961-bef8-a3e75deca49a (Owner))
17e0b01b-14eb-4016-bf8e-171b5b044b95 Enforce-SQL-Encryption 34520a11-7b14-46a8-ac34-7d766959460a Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Enforce-SQL-Encryption BuiltIn Policy: Deploy SQL DB transparent data encryption (86a912f6-9a06-4e26-b447-11b16ba8659f) 1 (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/3df334e6-61c3-543a-b548-97586caf6d4f (Owner))
6e1d3051-0ad2-4920-b525-a653ba20c5f6 Deploy-ASC-Security 4cb4c797-237b-4e64-b2cf-66f841700442 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Security Custom Policy: Deploy Azure Defender settings in Azure Security Center. (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard) 1 (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf (Owner))
873c2c67-e210-496e-86aa-f53d8b4f1844 Deploy-SQL-DB-Auditing 4f3a2551-ea2f-43c6-9623-8950156d19b7 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-DB-Auditing BuiltIn Policy: Auditing on SQL server should be enabled (a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9) 1 (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 (Owner))
afbb1efc-63bd-46fa-8d7e-976ec0d75862 Deploy-LX-Arc-Monitoring 9ed01b2b-9311-41a8-8897-0a329047be49 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-LX-Arc-Monitoring BuiltIn Policy: Configure Log Analytics agent on Azure Arc enabled Linux servers (9d2b61b4-1d14-4a63-be30-d4498e7ad2cf) 1 (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf (Owner))
cab048f7-a6c2-46d7-a04a-fed3abf27f75 Deploy-VMSS-Monitoring a3a4908f-b068-455e-a3f5-38cc5e00448f Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring BuiltIn PolicySet: Enable Azure Monitor for Virtual Machine Scale Sets (75714362-cae7-409e-9b99-a8e5075b7fad) 1 (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 (Owner))
1e94c5fb-a02b-4a89-a2f0-51299f787f8b Deploy-WS-Arc-Monitoring b0bdcb08-09c9-4d9d-957e-963d255e7220 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-WS-Arc-Monitoring BuiltIn Policy: Configure Log Analytics agent on Azure Arc enabled Windows servers (69af7d4a-7b18-4044-93a9-2651498ef203) 1 (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/38abf737-131b-52a2-90da-78943675bfed (Owner))
e51a68e4-11b9-4062-b384-3a8e70a20825 Deploy-VM-Backup e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup BuiltIn Policy: Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy (98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86) 1 (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 (Owner))
717c2b3f-1fb7-4a5f-acc8-fc60ea27f2be Deploy-Resource-Diag e51576ad-748d-462b-9d70-cb3b03e6c2e6 Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag Custom PolicySet: Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 1 (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/45afca7b-a696-5947-a47f-960081dd1dbc (Owner))
cf80e92b-ae4e-4539-98c9-b7c6fe22b23d Deploy-AKS-Policy fb0a7498-393f-434d-aa93-2acd144f489f Policy assignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy BuiltIn Policy: Deploy Azure Policy Add-on to Azure Kubernetes Service clusters (a8eff44f-8c92-45c3-a3fb-9880802d67a7) 1 (/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/roleAssignments/4f80e55d-446d-5743-a173-5d189d196345 (Owner))
Download CSV semicolon | comma
ApplicationId DisplayName Notes SP ObjectId App ObjectId Secrets Secrets expired Secrets expiry
<14d
Secrets expiry
>14d & <2y
Secrets expiry
>2y
Certs Certs expired Certs expiry
<14d
Certs expiry
>14d & <2y
Certs expiry
>2y
2b213162-e349-461a-bc29-aefa7da6cb32 AzOps c295384a-33d9-475e-abaf-d2fb0274299a 3dd669f2-a512-4bb1-b52c-bc8a438e067b 1 0 0 1 0 0 0 0 0 0
b92a0a2f-8536-4134-b0fb-60ee0528d1b0 azgovvizwwcsecurity e261446e-77d2-4cf5-a32a-0fbef8ee1333 2d29aa1b-04bf-4770-922c-354724b38562 1 0 0 1 0 0 0 0 0 0

0 External (appOwnerOrganizationId) AAD ServicePrincipals type=Application

Customize your Azure environment optimizations (Cost, Reliability & more) with Azure Optimization Engine (AOE)
Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (1d) Currency Subscriptions
usage arm advanced threat protection 2 0.0043548012 EUR 2
usage microsoft.storage advanced threat protection 2 0.0000134928 EUR 1
usage microsoft.storage storage 2 0.000015601968 EUR 1
Download CSV semicolon | comma
Scope Scope Id Policy DisplayName PolicyId Category Effect Role definitions Unique assignments Used in PolicySets Created/Updated CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg ESJH Public network access should be disabled for CosmosDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb SQL Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints) Updated 2021-01-10 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-15 15:15:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

0 Created/Updated custom PolicySet definitions

Download CSV semicolon | comma
Scope Management Group Id Management Group Name SubscriptionId Subscription Name Inheritance ScopeExcluded Exemption applies Policy/Set DisplayName Policy/Set Description Policy/SetId Policy/Set Type Category Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Assignment DisplayName Assignment Description AssignmentId Created/Updated AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub false false [Deprecated]: Function App should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 Policy BuiltIn Security Center AuditIfNotExists Default 0 0 0 0 0 none testDeprecatedAssignment no description given /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d Created n/a 2021-07-18 15:09:28 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policyassignments/aa4f4fdfd3b04fb3962a9da9 Created Joe Dalton 2021-07-15 15:16:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 Created n/a 2021-07-06 09:42:48 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA2 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 Created n/a 2021-07-06 10:32:34 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute audit Default 0 0 0 0 0 none APA3 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 Created n/a 2021-07-06 11:59:31 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH ESJH thisScope Mg false false Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/roleAssignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring Updated n/a 2021-01-10 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 2021-07-09 16:04:52 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Download CSV semicolon | comma
Role Name RoleId Assignable Scopes Data Created/Updated CreatedOn CreatedBy UpdatedOn UpdatedBy
testRole3368 08a2d627-a94e-461e-8350-432b457d00a3 1 (/providers/microsoft.management/managementgroups/esjhdev) false Created 2021-08-04 15:36:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
testRole3366 f548f1ea-48f1-4a74-9061-b5dacacf514a 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) false Created&Updated 2021-07-18 15:22:38 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 2021-07-19 19:45:44 ObjectType: User Member, ObjectDisplayName: Jack Dalton, ObjectSignInName: JackDalton@AzGovViz.onmicrosoft.com, ObjectId: c64d2776-a210-428f-b54f-a4a5dd7f8ef8
testRole3367 f7028056-3a12-43ac-a499-0d1844a02240 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) false Created 2021-08-04 15:34:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
Scope Role Role Id Role Type Data Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
Mg Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 2021-07-19 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/Microsoft.Authorization/roleAssignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 2021-07-06 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/roleAssignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 none 2021-07-05 08:20:09 ObjectType: SP App INT , ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/ESJHDEV/providers/Microsoft.Authorization/roleAssignments/983c43f8-1c29-4c73-9816-b69d38226be4 none 2021-07-06 13:09:24 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP App INT direct /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 none 2021-07-06 10:02:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg Security Reader 39bc4728-0917-49c7-9d2c-d95423bc2eb4 Builtin false group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group direct 0 (Usr: 0, Grp: 0, SP: 0) /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/e010f291-49a9-4d4b-be4d-55c6aeb164cd none 2021-08-06 09:30:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group indirect group05OneMemberGroupWithNoMembers (c57f8838-1603-4932-b3c4-9572feea9173) 1 (Usr: 0, Grp: 1, SP: 0) /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 2021-08-06 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false group05OneMemberGroupWithNoMembers n/a c57f8838-1603-4932-b3c4-9572feea9173 Group direct 1 (Usr: 0, Grp: 1, SP: 0) /providers/Microsoft.Management/managementGroups/ESJHQA/providers/Microsoft.Authorization/roleAssignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 2021-08-06 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub Tag Contributor 4a9ae827-6dc8-4573-8ac7-8239d42aa03f Builtin false Tag Bert TagBert@AzGovViz.onmicrosoft.com 9e1643fe-b887-4a53-9071-56801236f719 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/1dd61049-04b7-4058-af49-01f9b83159b2 none 2021-07-22 08:57:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/2754101a-9df1-48e7-ae2a-836f23710ed7 none 2021-07-19 19:43:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect group03 (e2390190-219f-419f-bdfa-a9f5cc3698cc) 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 2021-07-21 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false group03 n/a e2390190-219f-419f-bdfa-a9f5cc3698cc Group direct 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 2021-07-21 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleAssignments/70e14253-25d3-447f-9356-ac32985062a4 none 2021-07-19 19:31:24 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
ResourceType Resource Count Created&Changed Created&Changed Subs Created Created Subs Changed Changed Subs
microsoft.keyvault/vaults 1 1 1 1 1 1 1
microsoft.network/networksecuritygroups 2 0 0 0 0 2 1
microsoft.storage/storageaccounts 1 1 1 1 1 1 1

DefinitionInsights

JSON PolicyType Category Deprecated Preview Scope Mg/Sub Scope Name/Id effectDefaultValue hasAssignments Assignments Count Assignments UsedInPolicySet PolicySetsCount PolicySets Roles
{
  "properties": {
    "displayName": "[ASC Private Preview] Configure system-assigned managed identity to enable Azure Monitor assignments on VMs",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "[ASC Private Preview] Configure system-assigned managed identity to virtual machines hosted in Azure that are supported by Azure Monitor that do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Azure Monitor assignments and must be added to machines before using any Azure Monitor extension. Target virtual machines must be in a supported location.",
    "metadata": {
      "category": "Monitoring",
      "version": "3.0.0-preview",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Modify",
          "Disabled"
        ],
        "defaultValue": "Modify"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "location",
            "in": [
              "australiacentral",
              "australiaeast",
              "australiasoutheast",
              "centralindia",
              "centralus",
              "eastasia",
              "eastus",
              "eastus2",
              "germanywestcentral",
              "japaneast",
              "northcentralus",
              "northeurope",
              "southcentralus",
              "southeastasia",
              "uksouth",
              "westcentralus",
              "westeurope",
              "westus",
              "westus2"
            ]
          },
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "RedHat"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "RHEL",
                      "RHEL-SAP-HANA"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "SUSE"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "SLES",
                      "SLES-HPC",
                      "SLES-HPC-Priority",
                      "SLES-SAP",
                      "SLES-SAP-BYOS",
                      "SLES-Priority",
                      "SLES-BYOS",
                      "SLES-SAPCAL",
                      "SLES-Standard"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "12*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Canonical"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "UbuntuServer"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "14.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "16.04*LTS"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "18.04*LTS"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Oracle"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Oracle-Linux"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "OpenLogic"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "CentOS",
                      "Centos-LVM",
                      "CentOS-SRIOV"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "6.*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "7*"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "cloudera"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "cloudera-centos-os"
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "like": "7*"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "credativ"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "debian"
                    ]
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "8"
                      },
                      {
                        "field": "Microsoft.Compute/imageSku",
                        "like": "9"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "Debian"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "debian-10"
                    ]
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "like": "10"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "WindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "in": [
                      "2008-R2-SP1",
                      "2008-R2-SP1-smalldisk",
                      "2012-Datacenter",
                      "2012-Datacenter-smalldisk",
                      "2012-R2-Datacenter",
                      "2012-R2-Datacenter-smalldisk",
                      "2016-Datacenter",
                      "2016-Datacenter-Server-Core",
                      "2016-Datacenter-Server-Core-smalldisk",
                      "2016-Datacenter-smalldisk",
                      "2016-Datacenter-with-Containers",
                      "2016-Datacenter-with-RDSH",
                      "2019-Datacenter",
                      "2019-Datacenter-Core",
                      "2019-Datacenter-Core-smalldisk",
                      "2019-Datacenter-Core-with-Containers",
                      "2019-Datacenter-Core-with-Containers-smalldisk",
                      "2019-Datacenter-smalldisk",
                      "2019-Datacenter-with-Containers",
                      "2019-Datacenter-with-Containers-smalldisk",
                      "2019-Datacenter-zhcn"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "WindowsServerSemiAnnual"
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "in": [
                      "Datacenter-Core-1709-smalldisk",
                      "Datacenter-Core-1709-with-Containers-smalldisk",
                      "Datacenter-Core-1803-with-Containers-smalldisk"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsServerHPCPack"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "WindowsServerHPCPack"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftSQLServer"
                  },
                  {
                    "anyOf": [
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2019"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2019-BYOL"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2016"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2016-BYOL"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2012R2"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "*-WS2012R2-BYOL"
                      }
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftRServer"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "MLServer-WS2016"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftVisualStudio"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "in": [
                      "VisualStudio",
                      "Windows"
                    ]
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftDynamicsAX"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Dynamics"
                  },
                  {
                    "field": "Microsoft.Compute/imageSku",
                    "equals": "Pre-Req-AX7-Onebox-U8"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "microsoft-ads"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "windows-data-science-vm"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "equals": "MicrosoftWindowsDesktop"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "equals": "Windows-10"
                  }
                ]
              },
              {
                "field": "Microsoft.Compute/virtualMachines/securityProfile.uefiSettings",
                "exists": "true"
              }
            ]
          },
          {
            "value": "[requestContext().apiVersion]",
            "greaterOrEquals": "2018-10-01"
          },
          {
            "field": "identity.type",
            "notContains": "SystemAssigned"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
          ],
          "operations": [
            {
              "operation": "addOrReplace",
              "field": "identity.type",
              "value": "[if(contains(field('identity.type'), 'UserAssigned'), concat(field('identity.type'), ',SystemAssigned'), 'SystemAssigned')]"
            }
          ]
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/17b3de92-f710-4cf4-aa55-0e7859f1ed7b",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "17b3de92-f710-4cf4-aa55-0e7859f1ed7b"
}
BuiltIn Monitoring False True n/a n/a Modify false 0 n/a true 1 [Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines (/providers/microsoft.authorization/policysetdefinitions/a15f3269-2e10-458c-87a4-d5989e678a73) 'Virtual Machine Contributor' (9980e02c-c2be-4d73-94e8-173b1dc7cf3c)
{
  "properties": {
    "displayName": "[Deprecated]: A security contact phone number should be provided for your subscription",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Enter a phone number to receive notifications when Azure Security Center detects compromised resources - This policy is deprecated because phone numbers are no longer used in any scenario by Azure Security Center",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Security Center",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/securityContacts",
          "existenceCondition": {
            "field": "Microsoft.Security/securityContacts/phone",
            "notEquals": ""
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b4d66858-c922-44e3-9566-5cdb7a7be744"
}
BuiltIn Security Center True False n/a n/a Disabled false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Access to App Services should be restricted",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Azure security center has discovered that the networking configuration of some of your app services are overly permissive and allow inbound traffic from ranges that are too broad",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Security Center",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Web/sites"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/complianceResults",
          "name": "restrictAccessToAppServices",
          "existenceCondition": {
            "field": "Microsoft.Security/complianceResults/resourceStatus",
            "in": [
              "OffByPolicy",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/1a833ff1-d297-4a0f-9944-888428f8e0ff",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "1a833ff1-d297-4a0f-9944-888428f8e0ff"
}
BuiltIn Security Center True False n/a n/a Disabled false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Advanced data security settings for SQL Managed Instance should contain an email address for security alerts",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Ensure that an email address is provided for the 'Send alerts to' field in the advanced data security settings. This email address receives alert notifications when anomalous activities are detected on SQL Managed Instance.",
    "metadata": {
      "version": "1.0.1-deprecated",
      "category": "SQL",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Sql/managedInstances"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Sql/managedInstances/securityAlertPolicies",
          "name": "default",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]",
                "notEquals": ""
              },
              {
                "field": "Microsoft.Sql/managedInstances/securityAlertPolicies/emailAddresses[*]",
                "exists": "true"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/3965c43d-b5f4-482e-b74a-d89ee0e0b3a8",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "3965c43d-b5f4-482e-b74a-d89ee0e0b3a8"
}
BuiltIn SQL True False n/a n/a Disabled false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Advanced data security settings for SQL server should contain an email address to receive security alerts",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Ensure that an email address is provided for the 'Send alerts to' field in the Advanced Data Security server settings. This email address receives alert notifications when anomalous activities are detected on SQL servers.",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "SQL",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Sql/servers/securityAlertPolicies",
          "name": "default",
          "existenceCondition": {
            "field": "Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[*]",
            "notEquals": ""
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9677b740-f641-4f3c-b9c5-466005c85278",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9677b740-f641-4f3c-b9c5-466005c85278"
}
BuiltIn SQL True False n/a n/a Disabled false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "It's recommended to enable all Advanced Threat Protection types on your SQL Managed Instance. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.",
    "metadata": {
      "version": "1.0.1-deprecated",
      "category": "SQL",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Sql/managedInstances"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Sql/managedInstances/securityAlertPolicies",
          "name": "default",
          "existenceCondition": {
            "field": "Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*]",
            "equals": ""
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/bda18df3-5e41-4709-add9-2554ce68c966",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "bda18df3-5e41-4709-add9-2554ce68c966"
}
BuiltIn SQL True False n/a n/a Disabled false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "SQL",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Sql/servers"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Sql/servers/securityAlertPolicies",
          "name": "default",
          "existenceCondition": {
            "field": "Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*]",
            "equals": ""
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/e756b945-1b1b-480b-8de8-9a0859d5f7ad",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "e756b945-1b1b-480b-8de8-9a0859d5f7ad"
}
BuiltIn SQL True False n/a n/a Disabled false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Allow resource creation if 'department' tag set",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Allows resource creation only if the 'department' tag is set",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Tags",
      "deprecated": true
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "not": {
          "field": "tags",
          "containsKey": "department"
        }
      },
      "then": {
        "effect": "Deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "cd8dc879-a2ae-43c3-8211-1877c5755064"
}
BuiltIn Tags True False n/a n/a n/a false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Allow resource creation if 'environment' tag value in allowed values",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Allows resource creation if the 'environment' tag is set to one of the following values: production, dev, test, staging",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Tags",
      "deprecated": true
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "not": {
          "field": "tags['environment']",
          "in": [
            "production",
            "dev",
            "test",
            "staging"
          ]
        }
      },
      "then": {
        "effect": "Deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "ac7e5fc0-c029-4b12-91d4-a8500ce697f9"
}
BuiltIn Tags True False n/a n/a n/a false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Allow resource creation only in Asia data centers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Allows resource creation in the following locations only: East Asia, Southeast Asia, West India, South India, Central India, Japan East, Japan West",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "General",
      "deprecated": true
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": [
            "eastasia",
            "southeastasia",
            "westindia",
            "southindia",
            "centralindia",
            "japaneast",
            "japanwest"
          ]
        }
      },
      "then": {
        "effect": "Deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"
}
BuiltIn General True False n/a n/a n/a false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Allow resource creation only in European data centers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Allows resource creation in the following locations only: North Europe, West Europe",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "General",
      "deprecated": true
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": [
            "northeurope",
            "westeurope"
          ]
        }
      },
      "then": {
        "effect": "Deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "94c19f19-8192-48cd-a11b-e37099d3e36b"
}
BuiltIn General True False n/a n/a n/a false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Allow resource creation only in India data centers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Allows resource creation in the following locations only: West India, South India, Central India",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "General",
      "deprecated": true
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": [
            "westindia",
            "southindia",
            "centralindia"
          ]
        }
      },
      "then": {
        "effect": "Deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"
}
BuiltIn General True False n/a n/a n/a false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Allow resource creation only in United States data centers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Allows resource creation in the following locations only: Central US, East US, East US2, North Central US, South Central US, West US",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "General",
      "deprecated": true
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": [
            "centralus",
            "eastus",
            "eastus2",
            "northcentralus",
            "southcentralus",
            "westus"
          ]
        }
      },
      "then": {
        "effect": "Deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "983211ba-f348-4758-983b-21fa29294869"
}
BuiltIn General True False n/a n/a n/a false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: API App should only be accessible over HTTPS",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Security Center",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "microsoft.Web/sites"
          },
          {
            "anyof": [
              {
                "field": "kind",
                "equals": "api"
              },
              {
                "field": "kind",
                "equals": "apiApp"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/complianceResults",
          "name": "OnlyHttpsForApiApp",
          "existenceCondition": {
            "field": "Microsoft.Security/complianceResults/resourceStatus",
            "in": [
              "OffByPolicy",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c85538c1-b527-4ce4-bdb4-1dabcb3fd90d",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c85538c1-b527-4ce4-bdb4-1dabcb3fd90d"
}
BuiltIn Security Center True False n/a n/a AuditIfNotExists false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: App Service should disable public network access",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disabling public network access improves security by ensuring that the app service is not exposed on the public internet. Creating private endpoints can limit exposure of the app service. Learn more at: https://aka.ms/app-service-private-endpoint.",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "App Service",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Web/sites/config"
          },
          {
            "field": "Microsoft.Web/sites/config/PublicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/d79ab062-dffd-4318-8344-f70de714c0bc",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "d79ab062-dffd-4318-8344-f70de714c0bc"
}
BuiltIn App Service True False n/a n/a Audit false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Audit API Applications that are not using latest supported .NET Framework",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Use the latest supported .NET Framework version for the latest security classes. Using older classes and types can make your application vulnerable.",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Security Center",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "microsoft.Web/sites"
          },
          {
            "anyof": [
              {
                "field": "kind",
                "equals": "api"
              },
              {
                "field": "kind",
                "equals": "apiApp"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/complianceResults",
          "name": "UseLatestDotNet",
          "existenceCondition": {
            "field": "Microsoft.Security/complianceResults/resourceStatus",
            "in": [
              "OffByPolicy",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/1de7b11d-1870-41a5-8181-507e7c663cfb",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "1de7b11d-1870-41a5-8181-507e7c663cfb"
}
BuiltIn Security Center True False n/a n/a AuditIfNotExists false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Audit API Applications that are not using latest supported Java Framework",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Use the latest supported Java version for the latest security classes. Using older classes and types can make your application vulnerable.",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Security Center",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "microsoft.Web/sites"
          },
          {
            "anyof": [
              {
                "field": "kind",
                "equals": "api"
              },
              {
                "field": "kind",
                "equals": "apiApp"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/complianceResults",
          "name": "UseLatestJava",
          "existenceCondition": {
            "field": "Microsoft.Security/complianceResults/resourceStatus",
            "in": [
              "OffByPolicy",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/9bfe3727-0a17-471f-a2fe-eddd6b668745",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "9bfe3727-0a17-471f-a2fe-eddd6b668745"
}
BuiltIn Security Center True False n/a n/a AuditIfNotExists false 0 n/a false 0 n/a n/a
{
  "properties": {
    "displayName": "[Deprecated]: Audit API Applications that are not using latest supported PHP Framework",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Use the latest supported PHP version for the latest security