2
896470ca-9c6e-4176-9b38-5a655403c638
2xTenantSummary
Anything which can help you learn Azure Policy GitHub
Download CSV semicolon | comma
| Scope | Scope Id | Policy DisplayName | Policy Name | PolicyId | Category | ALZ | Effect | Role definitions | Unique assignments | Used in PolicySets | CreatedOn | CreatedBy | UpdatedOn | UpdatedBy |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mg | esjh | 1234_AP_MG_RA_onRG_(1234_RG_CUST) | 1234_AP_MG_RA_onRG_(1234_RG_CUST) | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust) | 1234_RgRoleAssignment | false | Fixed: deployIfNotExists | Owner | 0 | 2 (1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust)), 1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust))) | 09/14/2021 16:55:47 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | 1234_AP_MG_RA_onSub | 42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | false | Fixed: deployIfNotExists | 1234 RoleAssignmentSubscriptionOwner | 3 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f) | 0 | 03/09/2022 07:00:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/10/2022 14:56:28 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |
| Sub | 20217969-e578-4e91-beea-9bcf18b05a7e | 1234Deny-ra-if-SPObjectId | 8a9070c4-7eec-4b78-b044-62c20a06d1de | /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/policydefinitions/8a9070c4-7eec-4b78-b044-62c20a06d1de | false | Fixed: deny | n/a | 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/policyassignments/fa0ac64635d34f42b8e052ba) | 0 | 03/17/2022 15:06:00 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | esjh-online | ALZFake | 7a2ec127-9921-445e-a3bb-91f7099f545d | /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policydefinitions/7a2ec127-9921-445e-a3bb-91f7099f545d | cust_fakeALZ_Locations | true | Fixed: audit | n/a | 0 | 0 | 09/08/2022 18:16:26 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | esjh | Application Gateway should be deployed with WAF enabled | Deny-AppGW-Without-WAF | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-appgw-without-waf | Network | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Sub | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Create NSG Rule | 4e7e976d-d94c-47a3-a534-392c641cecd8 | /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/4e7e976d-d94c-47a3-a534-392c641cecd8 | CUST_NSG | false | Fixed: append | n/a | 0 | 0 | 05/18/2021 18:01:38 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 05/18/2021 18:22:00 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a |
| Sub | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | cust_Deploy a default budget on all subscriptions under the assigned scope | 1c5e347d-1d8f-4854-9d88-918455c3c983 | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/1c5e347d-1d8f-4854-9d88-918455c3c983 | ALZClone | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled | Contributor | 0 | 0 | 08/31/2022 13:35:26 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | esjh-platform | cust2_Deploy a default budget on all subscriptions under the assigned scope | 4a132703-b3fd-4228-aaaa-f46ebc34a324 | /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/policydefinitions/4a132703-b3fd-4228-aaaa-f46ebc34a324 | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled | Contributor | 0 | 0 | 08/31/2022 18:02:02 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | esjh | Deny the creation of private DNS | Deny-Private-DNS-Zones | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones | Network | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 1 (API - Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Deny the creation of private DNS - cust | 53568753-a797-45d7-a552-d55f4a398bbb | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb | Network-custom | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/d1212de8a8fd4184a8965eea) | 1 (API - Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f)) | 05/02/2022 07:01:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | esjh | Deny the creation of public IP | Deny-PublicIP | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicip | Network | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deny vNet peering | Deny-ERPeering | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-erpeering | Network | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy a default budget on subscriptions | Deploy-Budget | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-budget | Budget | true | Fixed: DeployIfNotExists | Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy an Azure DDoS Protection Standard plan | Deploy-DDoSProtection | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-ddosprotection | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Network Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Azure Defender settings in Azure Security Center. | Deploy-ASC-Standard | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Security Center | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Security Admin | 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security) | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Azure Firewall Manager policy in the subscription | Deploy-FirewallPolicy | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-firewallpolicy | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Network Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploy-Diagnostics-ActivityLog | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log) | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace | Deploy-Diagnostics-AnalysisService | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for API Management to Log Analytics workspace | Deploy-Diagnostics-APIMgmt | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace | Deploy-Diagnostics-WebServerFarm | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for App Service to Log Analytics workspace | Deploy-Diagnostics-Website | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace | Deploy-Diagnostics-ApplicationGateway | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Automation to Log Analytics workspace | Deploy-Diagnostics-AA | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace | Deploy-Diagnostics-DataLakeStore | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace | Deploy-Diagnostics-Function | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 09/14/2021 15:38:21 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |
| Mg | esjh | Deploy Diagnostic Settings for Batch to Log Analytics workspace | Deploy-Diagnostics-Batch | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace | Deploy-Diagnostics-CDNEndpoints | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace | Deploy-Diagnostics-CognitiveServices | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Container Instances to Log Analytics workspace | Deploy-Diagnostics-ACI | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Container Registry to Log Analytics workspace | Deploy-Diagnostics-ACR | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace | Deploy-Diagnostics-CosmosDB | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Data Factory to Log Analytics workspace | Deploy-Diagnostics-DataFactory | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace | Deploy-Diagnostics-DLAnalytics | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace | Deploy-Diagnostics-MySQL | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace | Deploy-Diagnostics-PostgreSQL | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Databricks to Log Analytics workspace | Deploy-Diagnostics-Databricks | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace | Deploy-Diagnostics-EventGridSub | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace | Deploy-Diagnostics-EventGridSystemTopic | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace | Deploy-Diagnostics-EventGridTopic | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace | Deploy-Diagnostics-EventHub | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace | Deploy-Diagnostics-ExpressRoute | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Firewall to Log Analytics workspace | Deploy-Diagnostics-Firewall | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Front Door to Log Analytics workspace | Deploy-Diagnostics-FrontDoor | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for HDInsight to Log Analytics workspace | Deploy-Diagnostics-HDInsight | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace | Deploy-Diagnostics-iotHub | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Key Vault to Log Analytics workspace | Deploy-Diagnostics-KeyVault | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace | Deploy-Diagnostics-AKS | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace | Deploy-Diagnostics-LoadBalancer | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace | Deploy-Diagnostics-LogicAppsISE | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace | Deploy-Diagnostics-LogicAppsWF | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace | Deploy-Diagnostics-MlWorkspace | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for MariaDB to Log Analytics workspace | Deploy-Diagnostics-MariaDB | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace | Deploy-Diagnostics-NIC | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace | Deploy-Diagnostics-NetworkSecurityGroups | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace | Deploy-Diagnostics-PowerBIEmbedded | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace | Deploy-Diagnostics-PublicIP | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace | Deploy-Diagnostics-RecoveryVault | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace | Deploy-Diagnostics-RedisCache | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Relay to Log Analytics workspace | Deploy-Diagnostics-Relay | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Search Services to Log Analytics workspace | Deploy-Diagnostics-SearchServices | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace | Deploy-Diagnostics-ServiceBus | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for SignalR to Log Analytics workspace | Deploy-Diagnostics-SignalR | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace | Deploy-Diagnostics-SQLDBs | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace | Deploy-Diagnostics-SQLElasticPools | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace | Deploy-Diagnostics-SQLMI | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace | Deploy-Diagnostics-StreamAnalytics | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace | Deploy-Diagnostics-TimeSeriesInsights | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace | Deploy-Diagnostics-TrafficManager | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace | Deploy-Diagnostics-VMSS | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace | Deploy-Diagnostics-VM | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace | Deploy-Diagnostics-VirtualNetwork | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace | Deploy-Diagnostics-VNetGW | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy DNS Zone Group for Key Vault Private Endpoint | Deploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-keyvault-privateendpoint | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Private DNS Zone Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy DNS Zone Group for SQL Private Endpoint | Deploy-DNSZoneGroup-For-Sql-PrivateEndpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-sql-privateendpoint | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Private DNS Zone Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy DNS Zone Group for Storage-Blob Private Endpoint | Deploy-DNSZoneGroup-For-Table-PrivateEndpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-table-privateendpoint | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Private DNS Zone Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy DNS Zone Group for Storage-File Private Endpoint | Deploy-DNSZoneGroup-For-File-PrivateEndpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-file-privateendpoint | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Private DNS Zone Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy DNS Zone Group for Storage-Queue Private Endpoint | Deploy-DNSZoneGroup-For-Queue-PrivateEndpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-queue-privateendpoint | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Private DNS Zone Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy DNS Zone Group for Storage-Blob Private Endpoint | Deploy-DNSZoneGroup-For-Blob-PrivateEndpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-blob-privateendpoint | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Private DNS Zone Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy spoke network with configuration to hub network based on ipam configuration object | Deploy-vNet | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Network Contributor | 0 | 0 | 01/10/2021 20:57:36 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy SQL database auditing settings | Deploy-Sql-AuditingSettings | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings | SQL | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | SQL Security Manager | 0 | 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) | 01/10/2021 20:57:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy SQL Database security Alert Policies configuration with email admin accounts | Deploy-Sql-SecurityAlertPolicies | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies | SQL | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | SQL Security Manager | 0 | 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy SQL Database Transparent Data Encryption | Deploy-Sql-Tde | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde | SQL | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | SQL Security Manager | 0 | 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) | 01/10/2021 20:57:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy SQL Database vulnerability Assessments | Deploy-Sql-vulnerabilityAssessments | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments | SQL | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | SQL Security Manager, Monitoring Contributor | 0 | 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy the configurations to the Log Analytics in the subscription | Deploy-LA-Config | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-la-config | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy the Log Analytics in the subscription | Deploy-Log-Analytics | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 1 (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics) | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy the Virtual WAN in the specific region | Deploy-vWAN | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vwan | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Network Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Virtual Hub network with Virtual Wan and Gateway and Firewall configured. | Deploy-vHUB | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vhub | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Network Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Virtual Network to be used as hub virtual network in desired region | Deploy-HUB | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-hub | Network | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Network Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploy Windows Domain Join Extension with keyvault configuration | Deploy-Windows-DomainJoin | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-windows-domainjoin | Guest Configuration | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Virtual Machine Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploys NSG flow logs and traffic analytics | Deploy-Nsg-FlowLogs | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-nsg-flowlogs | Monitoring | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Monitoring Contributor, Log Analytics Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Deploys virtual network peering to hub | Deploy-VNET-HubSpoke | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet-hubspoke | Network | true | Fixed: deployIfNotExists | Contributor | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | DiagSubscriptionsDim | 68b79a92-8932-4f15-88a6-0ed2675fa157 | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/68b79a92-8932-4f15-88a6-0ed2675fa157 | false | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Log Analytics Contributor | 1 (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe) | 0 | 06/24/2022 14:46:59 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | esjh | Enforce Role assignment at Subscription Scope | enforce-roleAssignment-subscriptionScope | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | false | Fixed: deployIfNotExists | Owner | 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0) | 0 | 03/16/2022 23:18:32 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/16/2022 23:26:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |
| Mg | esjh | KeyVault SoftDelete should be enabled | Append-KV-SoftDelete | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/append-kv-softdelete | Key Vault | true | Fixed: append | n/a | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | My_AP_MG_raOnSub | cedae647-a6f4-4c91-bc48-e411d86f335a | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a | RBAC | false | Fixed: deployIfNotExists | 1234 RoleAssignmentSubscriptionOwner | 1 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623) | 0 | 03/11/2022 07:34:09 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/11/2022 09:13:52 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a |
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | myPipelinePolicy | New Pipeline Policy 3 | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 | Cache | false | Default: Audit; Allowed: Audit,Deny | n/a | 1 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01) | 0 | 10/27/2021 14:09:47 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 | 10/27/2021 14:14:04 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 |
| Sub | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | myPipelinePolicy | New Pipeline Policy 3 | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 | Cache | false | Default: Audit; Allowed: Audit,Deny | n/a | 0 | 0 | 10/27/2021 14:09:14 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineNonProd, ObjectSignInName: n/a, ObjectId: 192e9bab-be5b-4f6f-9e89-a4c80e638e43 | 10/27/2021 14:13:28 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineNonProd, ObjectSignInName: n/a, ObjectId: 192e9bab-be5b-4f6f-9e89-a4c80e638e43 |
| Sub | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | myPipelinePolicy | New Pipeline Policy 3 | /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 | Cache | false | Default: Audit; Allowed: Audit,Deny | n/a | 0 | 0 | 10/27/2021 14:08:41 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineDev, ObjectSignInName: n/a, ObjectId: 3a4c97c7-ae6d-4d5a-a9c7-2bb2e0127fb4 | 10/27/2021 14:12:59 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineDev, ObjectSignInName: n/a, ObjectId: 3a4c97c7-ae6d-4d5a-a9c7-2bb2e0127fb4 |
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | New Pipeline Policy | New Pipeline Policy 2 | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 2 | Cache | false | Default: Audit; Allowed: Audit,Deny | n/a | 0 | 0 | 10/27/2021 14:06:22 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 | ||
| Mg | esjh | No child resources in Automation Account | Deny-AA-child-resources | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-aa-child-resources | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 09/22/2021 21:24:16 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |
| Mg | esjh | Public network access on AKS API should be disabled | Deny-PublicEndpoint-Aks | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks | Kubernetes | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Public network access on Azure SQL Database should be disabled | Deny-PublicEndpoint-Sql | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql | SQL | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Public network access onStorage accounts should be disabled | Deny-PublicEndpoint-Storage | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage | Storage | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Public network access should be disabled for CosmosDB | Deny-PublicEndpoint-CosmosDB | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb | SQL | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/15/2021 15:15:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a |
| Mg | esjh | Public network access should be disabled for KeyVault | Deny-PublicEndpoint-KeyVault | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault | Key Vault | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | cust_t5 | Public network access should be disabled for MariaDB | Deny-PublicEndpoint-MariaDB | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb | SQL | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 0 | 09/09/2022 15:09:45 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | esjh | Public network access should be disabled for MariaDB | Deny-PublicEndpoint-MariaDB | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb | SQL | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Public network access should be disabled for MySQL | Deny-PublicEndpoint-MySQL | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql | SQL | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | Public network access should be disabled for PostgreSql | Deny-PublicEndpoint-PostgreSql | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql | SQL | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 0 | 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | esjh | RDP access from the Internet should be blocked | Deny-RDP-From-Internet | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet | Network | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet) | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | cust_t5 | SQL managed instances deploy a specific min TLS version requirement. | Deploy-SqlMi-minTLS | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls | SQL | true | Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled | Owner | 0 | 0 | 09/09/2022 15:11:32 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | esjh | Subnets should have a Network Security Group | Deny-Subnet-Without-Nsg | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg | Network | true | Default: Deny; Allowed: Audit,Deny,Disabled | n/a | 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg) | 0 | 01/10/2021 20:57:38 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | test_Deploy Diagnostic Settings for Subscription to Storage Account | e1927c7a-e9e7-4657-9996-aff37b6560ed | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/e1927c7a-e9e7-4657-9996-aff37b6560ed | test_diag | false | Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled | Storage Account Contributor, Monitoring Contributor | 0 | 0 | 12/31/2021 10:02:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 12/31/2021 10:37:02 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a |
Download CSV semicolon | comma
| Policy DisplayName | PolicyId |
|---|---|
| test_Deploy Diagnostic Settings for Subscription to Storage Account | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/e1927c7a-e9e7-4657-9996-aff37b6560ed |
| New Pipeline Policy | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 2 |
| Public network access should be disabled for MariaDB | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb |
| SQL managed instances deploy a specific min TLS version requirement. | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls |
| ALZFake | /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policydefinitions/7a2ec127-9921-445e-a3bb-91f7099f545d |
| cust2_Deploy a default budget on all subscriptions under the assigned scope | /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/policydefinitions/4a132703-b3fd-4228-aaaa-f46ebc34a324 |
| KeyVault SoftDelete should be enabled | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/append-kv-softdelete |
| No child resources in Automation Account | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-aa-child-resources |
| Application Gateway should be deployed with WAF enabled | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-appgw-without-waf |
| Deny vNet peering | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-erpeering |
| Deny the creation of public IP | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicip |
| Deploy a default budget on subscriptions | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-budget |
| Deploy an Azure DDoS Protection Standard plan | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-ddosprotection |
| Deploy DNS Zone Group for Storage-Blob Private Endpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-blob-privateendpoint |
| Deploy DNS Zone Group for Storage-File Private Endpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-file-privateendpoint |
| Deploy DNS Zone Group for Key Vault Private Endpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-keyvault-privateendpoint |
| Deploy DNS Zone Group for Storage-Queue Private Endpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-queue-privateendpoint |
| Deploy DNS Zone Group for SQL Private Endpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-sql-privateendpoint |
| Deploy DNS Zone Group for Storage-Blob Private Endpoint | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-table-privateendpoint |
| Deploy Azure Firewall Manager policy in the subscription | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-firewallpolicy |
| Deploy Virtual Network to be used as hub virtual network in desired region | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-hub |
| Deploy the configurations to the Log Analytics in the subscription | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-la-config |
| Deploys NSG flow logs and traffic analytics | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-nsg-flowlogs |
| Deploy Virtual Hub network with Virtual Wan and Gateway and Firewall configured. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vhub |
| Deploy spoke network with configuration to hub network based on ipam configuration object | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet |
| Deploys virtual network peering to hub | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet-hubspoke |
| Deploy the Virtual WAN in the specific region | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vwan |
| Deploy Windows Domain Join Extension with keyvault configuration | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-windows-domainjoin |
| cust_Deploy a default budget on all subscriptions under the assigned scope | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/1c5e347d-1d8f-4854-9d88-918455c3c983 |
| myPipelinePolicy | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 |
| Create NSG Rule | /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/4e7e976d-d94c-47a3-a534-392c641cecd8 |
| myPipelinePolicy | /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 |
Download CSV semicolon | comma
| Scope | ScopeId | PolicySet DisplayName | PolicySet Name | PolicySetId | Category | ALZ | Unique assignments | Policies used in PolicySet | CreatedOn | CreatedBy | UpdatedOn | UpdatedBy |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mg | esjh | 1234_API_MG_RA_onRG_(1234_RG_CUST) | 1234_API_MG_RA_onRG_(1234_RG_CUST) | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) | 1234_RgRoleAssignment | false | 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466) | 2 (1234_AP_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust)), 1234_AP_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust))) | 09/14/2021 16:55:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | ESJH-online | API - Deny the creation of private DNS - cust | ee6248fccddc45b59624ac8f | /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f | Network-custom | false | 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/fab7aac62c1d419d87835c61) | 2 (Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb), Deny the creation of private DNS (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones)) | 05/02/2022 07:07:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | CUST_T5 | Deny or Audit resources without Encryption with a customer-managed key (CMK) | Enforce-Encryption-CMK | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk | Encryption | true | 0 | 15 (Azure API for FHIR should use a customer-managed key to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/051cba44-2429-45b9-9649-46cec11c7119), Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (/providers/microsoft.authorization/policydefinitions/0961003e-5a0a-4549-abde-af6a37f2724d), [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd), PostgreSQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274), Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f), Container registries should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580), Cognitive Services accounts should enable data encryption with a customer-managed key (/providers/microsoft.authorization/policydefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d), Storage accounts should use customer-managed key for encryption (/providers/microsoft.authorization/policydefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25), Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys (/providers/microsoft.authorization/policydefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67), MySQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833), Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password (/providers/microsoft.authorization/policydefinitions/86efb160-8de7-451d-bc08-5d475b0aadae), Azure Stream Analytics jobs should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7), Azure Batch account should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a), Azure Machine Learning workspaces should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8), Azure Synapse workspaces should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385)) | 09/09/2022 15:15:00 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Mg | ESJH | Deploy Diagnostic Settings to Azure Services | Deploy-Diag-LogAnalytics | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | Monitoring | true | 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag) | 55 (Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice), Deploy Diagnostic Settings for API Management to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt), Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm), Deploy Diagnostic Settings for App Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website), Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway), Deploy Diagnostic Settings for Automation to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa), Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore), Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function), Deploy Diagnostic Settings for Batch to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch), Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints), Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices), Deploy Diagnostic Settings for Container Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci), Deploy Diagnostic Settings for Container Registry to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr), Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb), Deploy Diagnostic Settings for Data Factory to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory), Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics), Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql), Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql), Deploy Diagnostic Settings for Databricks to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks), Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub), Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic), Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic), Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub), Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute), Deploy Diagnostic Settings for Firewall to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall), Deploy Diagnostic Settings for Front Door to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor), Deploy Diagnostic Settings for HDInsight to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight), Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub), Deploy Diagnostic Settings for Key Vault to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault), Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks), Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer), Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise), Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf), Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace), Deploy Diagnostic Settings for MariaDB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb), Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic), Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups), Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded), Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip), Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault), Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache), Deploy Diagnostic Settings for Relay to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay), Deploy Diagnostic Settings for Search Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices), Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus), Deploy Diagnostic Settings for SignalR to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr), Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs), Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools), Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi), Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics), Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights), Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager), Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss), Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm), Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork), Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw)) | 01/10/2021 20:57:40 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | ESJH | Deploy SQL Database built-in SQL security configuration | Deploy-Sql-Security | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security | SQL | true | 0 | 4 (Deploy SQL database auditing settings (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings), Deploy SQL Database security Alert Policies configuration with email admin accounts (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies), Deploy SQL Database Transparent Data Encryption (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde), Deploy SQL Database vulnerability Assessments (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments)) | 01/10/2021 20:57:40 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| Mg | ESJH-landingzones | Public network access should be disabled for PAAS services | 1234_API_MG_RoleAssignment_onRGMatching_(1234_RG_CUST*) | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*) | false | 0 | 8 (Public network access on AKS API should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks), Public network access on Azure SQL Database should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql), Public network access onStorage accounts should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage), Public network access should be disabled for CosmosDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb), Public network access should be disabled for KeyVault (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault), Public network access should be disabled for MariaDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb), Public network access should be disabled for MySQL (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql), Public network access should be disabled for PostgreSql (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql)) | 08/31/2021 15:14:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | ESJH | Public network access should be disabled for PAAS services | Deny-PublicEndpoints | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints | Network | false | 0 | 8 (Public network access on AKS API should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks), Public network access on Azure SQL Database should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql), Public network access onStorage accounts should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage), Public network access should be disabled for CosmosDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb), Public network access should be disabled for KeyVault (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault), Public network access should be disabled for MariaDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb), Public network access should be disabled for MySQL (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql), Public network access should be disabled for PostgreSql (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql)) | 01/10/2021 20:57:40 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 |
Download CSV semicolon | comma
| PolicySet DisplayName | PolicySetId |
|---|---|
| Deny or Audit resources without Encryption with a customer-managed key (CMK) | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk |
| Public network access should be disabled for PAAS services | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*) |
| Public network access should be disabled for PAAS services | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints |
| Deploy SQL Database built-in SQL security configuration | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security |
Azure Landing Zones (ALZ) GitHub
Download CSV semicolon | comma
Download CSV semicolon | comma
| Type | Policy Name (Id) | Policy Version | Policy Scope | Policy Scope Id | ALZ Policy Name (Id) | ALZ Policy Version | ALZ State | Exists in tenant | Detection method | AzAdvertizer Link |
|---|---|---|---|---|---|---|---|---|---|---|
| Policy | 4a132703-b3fd-4228-aaaa-f46ebc34a324 | n/a | Mg | esjh-platform | Deploy-Budget | 1.1.0 | potentiallyOutDated (no ver) | True | PolicyRule Hash | AzA Link |
| Policy | Deny-PublicEndpoint-Aks | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-Aks | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-MariaDB | 1.0.0 | Mg | esjh | Deploy-Diagnostics-MariaDB | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-Private-DNS-Zones | 1.0.0 | Mg | esjh | Deny-Private-DNS-Zones | 1.0.0 | upToDate | True | PolicyRule Hash, Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-EventGridSub | 1.0.0 | Mg | esjh | Deploy-Diagnostics-EventGridSub | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | 1c5e347d-1d8f-4854-9d88-918455c3c983 | 1.1.0 | Sub | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | Deploy-Budget | 1.1.0 | upToDate | True | PolicyRule Hash | AzA Link |
| Policy | Deploy-DNSZoneGroup-For-Blob-PrivateEndpoint | 1.0.0 | Mg | esjh | Deploy-DNSZoneGroup-For-Blob-PrivateEndpoint | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-ACR | 1.0.0 | Mg | esjh | Deploy-Diagnostics-ACR | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Windows-DomainJoin | 1.0.0 | Mg | esjh | Deploy-Windows-DomainJoin | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Nsg-FlowLogs | 1.0.0 | Mg | esjh | Deploy-Nsg-FlowLogs | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-RedisCache | 1.0.0 | Mg | esjh | Deploy-Diagnostics-RedisCache | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-Batch | 1.0.0 | Mg | esjh | Deploy-Diagnostics-Batch | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-Databricks | 1.0.0 | Mg | esjh | Deploy-Diagnostics-Databricks | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-SQLDBs | 1.0.0 | Mg | esjh | Deploy-Diagnostics-SQLDBs | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-PublicIP | 1.0.0 | Mg | esjh | Deploy-Diagnostics-PublicIP | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-MySQL | 1.0.0 | Mg | esjh | Deploy-Diagnostics-MySQL | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-PublicEndpoint-MariaDB | 1.0.0 | Mg | cust_t5 | Deny-PublicEndpoint-MariaDB | 1.0.0 | upToDate | True | PolicyRule Hash, Policy Name, MetaData Tag | AzA Link |
| Policy | Deploy-Sql-Tde | 1.0.0 | Mg | esjh | Deploy-Sql-Tde | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Log-Analytics | 1.0.0 | Mg | esjh | Deploy-Log-Analytics | obsolete | True | Policy Name | ||
| Policy | Deny-AppGW-Without-WAF | 1.0.0 | Mg | esjh | Deny-AppGW-Without-WAF | 1.0.0 | upToDate | True | PolicyRule Hash, Policy Name | AzA Link |
| Policy | Deny-PublicIP | 1.0.0 | Mg | esjh | Deny-PublicIP | 1.0.0 | upToDate | True | PolicyRule Hash, Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-StreamAnalytics | 1.0.0 | Mg | esjh | Deploy-Diagnostics-StreamAnalytics | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-AKS | 1.0.0 | Mg | esjh | Deploy-Diagnostics-AKS | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-TimeSeriesInsights | 1.0.0 | Mg | esjh | Deploy-Diagnostics-TimeSeriesInsights | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | 53568753-a797-45d7-a552-d55f4a398bbb | n/a | Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Deny-Private-DNS-Zones | 1.0.0 | potentiallyOutDated (no ver) | True | PolicyRule Hash | AzA Link |
| Policy | Deploy-Diagnostics-NIC | 1.0.0 | Mg | esjh | Deploy-Diagnostics-NIC | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-ERPeering | 1.0.0 | Mg | esjh | Deny-VNet-Peering | 1.0.1 | outDated | True | PolicyRule Hash | AzA Link |
| Policy | Deny-PublicEndpoint-Storage | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-Storage | obsolete | True | Policy Name | ||
| Policy | Deploy-vWAN | 1.0.0 | Mg | esjh | Deploy-vWAN | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-LoadBalancer | 1.0.0 | Mg | esjh | Deploy-Diagnostics-LoadBalancer | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-DNSZoneGroup-For-File-PrivateEndpoint | 1.0.0 | Mg | esjh | Deploy-DNSZoneGroup-For-File-PrivateEndpoint | obsolete | True | Policy Name | ||
| Policy | Deny-PublicEndpoint-MySQL | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-MySQL | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-LogicAppsWF | 1.0.0 | Mg | esjh | Deploy-Diagnostics-LogicAppsWF | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-Website | 1.0.0 | Mg | esjh | Deploy-Diagnostics-Website | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-SQLElasticPools | 1.0.0 | Mg | esjh | Deploy-Diagnostics-SQLElasticPools | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-DLAnalytics | 1.0.0 | Mg | esjh | Deploy-Diagnostics-DLAnalytics | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Append-KV-SoftDelete | 1.0.0 | Mg | esjh | Append-KV-SoftDelete | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-EventHub | 1.0.0 | Mg | esjh | Deploy-Diagnostics-EventHub | obsolete | True | Policy Name | ||
| Policy | Deploy-vHUB | 1.0.0 | Mg | esjh | Deploy-vHUB | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-SignalR | 1.0.0 | Mg | esjh | Deploy-Diagnostics-SignalR | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-VM | 1.0.0 | Mg | esjh | Deploy-Diagnostics-VM | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-TrafficManager | 1.0.0 | Mg | esjh | Deploy-Diagnostics-TrafficManager | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Sql-SecurityAlertPolicies | 1.0.0 | Mg | esjh | Deploy-Sql-SecurityAlertPolicies | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-AA-child-resources | n/a | Mg | esjh | Deny-AA-child-resources | 1.0.0 | potentiallyOutDated (no ver) | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-ActivityLog | 1.0.0 | Mg | esjh | Deploy-Diagnostics-ActivityLog | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-AA | 1.0.0 | Mg | esjh | Deploy-Diagnostics-AA | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-SearchServices | 1.0.0 | Mg | esjh | Deploy-Diagnostics-SearchServices | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-VirtualNetwork | 1.0.0 | Mg | esjh | Deploy-Diagnostics-VirtualNetwork | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-ACI | 1.0.0 | Mg | esjh | Deploy-Diagnostics-ACI | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-EventGridSystemTopic | 1.0.0 | Mg | esjh | Deploy-Diagnostics-EventGridSystemTopic | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-VNET-HubSpoke | 1.0.0 | Mg | esjh | Deploy-VNET-HubSpoke | 1.1.0 | outDated | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-WebServerFarm | 1.0.0 | Mg | esjh | Deploy-Diagnostics-WebServerFarm | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-PublicEndpoint-KeyVault | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-KeyVault | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-CognitiveServices | 1.0.0 | Mg | esjh | Deploy-Diagnostics-CognitiveServices | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-NetworkSecurityGroups | 1.0.0 | Mg | esjh | Deploy-Diagnostics-NetworkSecurityGroups | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-Subnet-Without-Nsg | 1.0.0 | Mg | esjh | Deny-Subnet-Without-Nsg | 2.0.0 | outDated | True | PolicyRule Hash, Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-ExpressRoute | 1.0.0 | Mg | esjh | Deploy-Diagnostics-ExpressRoute | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-LogicAppsISE | 1.0.0 | Mg | esjh | Deploy-Diagnostics-LogicAppsISE | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | 7a2ec127-9921-445e-a3bb-91f7099f545d | 1.0.0 | Mg | esjh-online | unknown | True | MetaData Tag | |||
| Policy | Deploy-Diagnostics-SQLMI | 1.0.0 | Mg | esjh | Deploy-Diagnostics-SQLMI | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-Function | n/a | Mg | esjh | Deploy-Diagnostics-Function | 1.0.0 | potentiallyOutDated (no ver) | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-Relay | 1.0.0 | Mg | esjh | Deploy-Diagnostics-Relay | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-KeyVault | 1.0.0 | Mg | esjh | Deploy-Diagnostics-KeyVault | obsolete | True | Policy Name | ||
| Policy | Deploy-DDoSProtection | 1.0.0 | Mg | esjh | Deploy-DDoSProtection | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-PublicEndpoint-MariaDB | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-MariaDB | 1.0.0 | upToDate | True | PolicyRule Hash, Policy Name | AzA Link |
| Policy | Deploy-LA-Config | 1.0.0 | Mg | esjh | Deploy-LA-Config | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-PowerBIEmbedded | 1.0.0 | Mg | esjh | Deploy-Diagnostics-PowerBIEmbedded | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Budget | 1.0.0 | Mg | esjh | Deploy-Budget | 1.1.0 | outDated | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-Firewall | 1.0.0 | Mg | esjh | Deploy-Diagnostics-Firewall | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-DataLakeStore | 1.0.0 | Mg | esjh | Deploy-Diagnostics-DataLakeStore | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-iotHub | 1.0.0 | Mg | esjh | Deploy-Diagnostics-iotHub | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-ASC-Standard | 1.0.0 | Mg | esjh | Deploy-ASC-Standard | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-EventGridTopic | 1.0.0 | Mg | esjh | Deploy-Diagnostics-EventGridTopic | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-AnalysisService | 1.0.0 | Mg | esjh | Deploy-Diagnostics-AnalysisService | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-VMSS | 1.0.0 | Mg | esjh | Deploy-Diagnostics-VMSS | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-RecoveryVault | 1.0.0 | Mg | esjh | Deploy-Diagnostics-RecoveryVault | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-ServiceBus | 1.0.0 | Mg | esjh | Deploy-Diagnostics-ServiceBus | obsolete | True | Policy Name | ||
| Policy | Deploy-Sql-AuditingSettings | 1.0.0 | Mg | esjh | Deploy-Sql-AuditingSettings | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-PublicEndpoint-PostgreSql | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-PostgreSql | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-FrontDoor | 1.0.0 | Mg | esjh | Deploy-Diagnostics-FrontDoor | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-HUB | 1.0.0 | Mg | esjh | Deploy-HUB | obsolete | True | Policy Name | ||
| Policy | Deploy-SqlMi-minTLS | 1.0.0 | Mg | cust_t5 | Deploy-SqlMi-minTLS | 1.0.0 | upToDate | True | PolicyRule Hash, Policy Name, MetaData Tag | AzA Link |
| Policy | Deploy-Diagnostics-PostgreSQL | 1.0.0 | Mg | esjh | Deploy-Diagnostics-PostgreSQL | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-CosmosDB | 1.0.0 | Mg | esjh | Deploy-Diagnostics-CosmosDB | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-PublicEndpoint-CosmosDB | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-CosmosDB | obsolete | True | Policy Name | ||
| Policy | Deny-PublicEndpoint-Sql | 1.0.0 | Mg | esjh | Deny-PublicEndpoint-Sql | obsolete | True | Policy Name | ||
| Policy | Deploy-vNet | 1.0.0 | Mg | esjh | Deploy-vNet | obsolete | True | Policy Name | ||
| Policy | Deploy-Sql-vulnerabilityAssessments | 1.0.0 | Mg | esjh | Deploy-Sql-vulnerabilityAssessments | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint | 1.0.0 | Mg | esjh | Deploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint | obsolete | True | Policy Name | ||
| Policy | Deploy-DNSZoneGroup-For-Queue-PrivateEndpoint | 1.0.0 | Mg | esjh | Deploy-DNSZoneGroup-For-Queue-PrivateEndpoint | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-APIMgmt | 1.0.0 | Mg | esjh | Deploy-Diagnostics-APIMgmt | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-VNetGW | 1.0.0 | Mg | esjh | Deploy-Diagnostics-VNetGW | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-MlWorkspace | 1.0.0 | Mg | esjh | Deploy-Diagnostics-MlWorkspace | 1.1.0 | outDated | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-CDNEndpoints | 1.0.0 | Mg | esjh | Deploy-Diagnostics-CDNEndpoints | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deny-RDP-From-Internet | 1.0.0 | Mg | esjh | Deny-RDP-From-Internet | 1.0.0 | upToDate | True | PolicyRule Hash, Policy Name | AzA Link |
| Policy | Deploy-FirewallPolicy | 1.0.0 | Mg | esjh | Deploy-FirewallPolicy | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-DataFactory | 1.0.0 | Mg | esjh | Deploy-Diagnostics-DataFactory | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-Diagnostics-ApplicationGateway | 1.0.0 | Mg | esjh | Deploy-Diagnostics-ApplicationGateway | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | Deploy-DNSZoneGroup-For-Sql-PrivateEndpoint | 1.0.0 | Mg | esjh | Deploy-DNSZoneGroup-For-Sql-PrivateEndpoint | obsolete | True | Policy Name | ||
| Policy | Deploy-DNSZoneGroup-For-Table-PrivateEndpoint | 1.0.0 | Mg | esjh | Deploy-DNSZoneGroup-For-Table-PrivateEndpoint | obsolete | True | Policy Name | ||
| Policy | Deploy-Diagnostics-HDInsight | 1.0.0 | Mg | esjh | Deploy-Diagnostics-HDInsight | 1.0.0 | upToDate | True | Policy Name | AzA Link |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-DataExplorerCluster | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-SqlMi-minTLS | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Append-AppService-latestTLS | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-WVDAppGroup | 1.0.1 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-Databricks-Sku | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Custom-Route-Table | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-Aks | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Nsg-FlowLogs-to-LA | 1.1.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-AVDScalingPlans | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-PostgreSQL-sslEnforcement | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-PostgreSql-http | 1.0.1 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-AppServiceWebApp-http | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-Sql-minTLS | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-VNET-Peering-To-Non-Approved-VNETs | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-ApiForFHIR | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-PublicNetworkAccess | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Append-Redis-disableNonSslPort | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-Subnet-Without-UDR | 2.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-WVDHostPools | 1.1.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-ComputeCluster-Scale | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-HbiWorkspace | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Audit-MachineLearning-PrivateEndpointId | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-AppServiceFunctionApp-http | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-Databricks-VirtualNetwork | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Append-Redis-sslEnforcement | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-MySQL-sslEnforcement | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-Bastion | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-SQL-minTLS | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-VNET-Peer-Cross-Sub | 1.0.1 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-MediaService | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-Databricks-NoPublicIp | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess | 1.1.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-Redis-http | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-Storage-minTLS | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-ASC-SecurityContacts | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-Compute-VmSize | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Storage-sslEnforcement | 1.1.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MySql-http | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Append-AppService-httpsonly | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deploy-Diagnostics-WVDWorkspace | 1.0.1 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-PublicAccessWhenBehindVnet | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-MachineLearning-Compute-SubnetId | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-VNet-Peering | 1.0.1 | False | ALZ GitHub repository | AzA Link | |
| Policy | n/a | n/a | n/a | n/a | Deny-AppServiceApiApp-http | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| PolicySet | Enforce-Encryption-CMK | 1.0.0 | Mg | CUST_T5 | Enforce-Encryption-CMK | 1.0.0 | upToDate | True | PolicySet Name, MetaData Tag | AzA Link |
| PolicySet | Deploy-Diag-LogAnalytics | 1.0.0 | Mg | ESJH | Deploy-Diag-LogAnalytics | obsolete | True | PolicySet Name | ||
| PolicySet | Deploy-Sql-Security | 1.0.0 | Mg | ESJH | Deploy-Sql-Security | 1.0.0 | upToDate | True | PolicySet Name | AzA Link |
| PolicySet | n/a | n/a | n/a | n/a | Deploy-Private-DNS-Zones | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| PolicySet | n/a | n/a | n/a | n/a | Deploy-MDFC-Config | 3.0.0 | False | ALZ GitHub repository | AzA Link | |
| PolicySet | n/a | n/a | n/a | n/a | Deny-PublicPaaSEndpoints | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| PolicySet | n/a | n/a | n/a | n/a | Enforce-EncryptTransit | 1.0.0 | False | ALZ GitHub repository | AzA Link | |
| PolicySet | n/a | n/a | n/a | n/a | Deploy-Diagnostics-LogAnalytics | 1.1.0 | False | ALZ GitHub repository | AzA Link |
Download CSV semicolon | comma
| PolicySet DisplayName | PolicySetId | Policy DisplayName | PolicyId | Deprecated Property |
|---|---|---|---|---|
| Deny or Audit resources without Encryption with a customer-managed key (CMK) | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk | [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest | /providers/microsoft.authorization/policydefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd | true |
Download CSV semicolon | comma
| Policy Assignment DisplayName | Policy AssignmentId | Policy/PolicySet | PolicySet DisplayName | PolicySetId | Policy DisplayName | PolicyId | Deprecated Property |
|---|---|---|---|---|---|---|---|
| testDeprecatedAssignment | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d | Policy | n/a | n/a | [Deprecated]: Function App should only be accessible over HTTPS | /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 | True |
Download CSV semicolon | comma
| Scope | Management Group Id | Management Group Name | SubscriptionId | Subscription Name | ResourceGroup | ResourceName / ResourceType | Exemption name | Exemption description | Category | ExpiresOn (UTC) | Exemption Id | Policy AssignmentId | Policy Type | Policy | Exempted Set Policies | CreatedBy | CreatedAt | LastModifiedBy | LastModifiedAt |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MG | ESJH-sandboxes | ESJH-sandboxes | ESJH-sandboxes - ASC-Monitoring | Waiver | expired 02/04/2021 23:00:00 | /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/policyExemptions/02752b36ec214097999f6b9b | /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring | PolicySet | Azure Security Benchmark | all 205 | ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) | 2021-01-25 22:29:14 | ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) | 2021-01-25 22:29:14 | |||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | landingZone - ASC-Monitoring | Waiver | expired 02/03/2021 23:00:00 | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/policyExemptions/95e48160397b4d21ac96d7ca | /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring | PolicySet | Azure Security Benchmark | all 205 | ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) | 2021-01-25 22:48:00 | ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) | 2021-01-25 22:48:00 |
0 Policy assignments orphaned
Download CSV semicolon | comma
*Depending on the number of rows and your computer´s performance the table may respond with delay, download the csv for better filtering experience
*Depending on the number of rows and your computer´s performance the table may respond with delay, download the csv for better filtering experience
| Scope | Management Group Id | Management Group Name | SubscriptionId | Subscription Name | Inheritance | ScopeExcluded | Exemption applies | Policy/Set DisplayName | Policy/Set Description | Policy/SetId | Policy/Set | Type | Category | ALZ | Effect | Parameters | Enforcement | NonCompliance Message | Policies NonCmplnt | Policies Compliant | Resources NonCmplnt | Resources Compliant | Resources Conflicting | Role/Assignment | Managed Identity | Assignment DisplayName | Assignment Description | AssignmentId | AssignedBy | CreatedOn | CreatedBy | UpdatedOn | UpdatedBy |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mg | ESJH | ESJH | thisScope Mg | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 45 | 9 | 26 | 2 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 3 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 3 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 3 | 4 | 3 | 12 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH | ESJH | thisScope Mg | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 3 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01 | test01 | thisScope Mg | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 1 | 0 | 1 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) | 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) | 1234_APA_MG_RA_onSubReader | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 | Joe Dalton | 03/10/2022 15:03:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01 | test01 | thisScope Mg | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | Default | 0 | 1 | 0 | 1 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) | 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) | 1234_APA_MG_RA_onSubOwner | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 | Joe Dalton | 03/10/2022 13:32:29 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01 | test01 | thisScope Mg | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c | Default | 0 | 1 | 0 | 1 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) | a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) | 1234_APA_MG_RA_onSubContr | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f | Joe Dalton | 03/10/2022 13:33:42 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01 | test01 | thisScope Mg | false | false | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a | Policy | Custom | RBAC | false | deployIfNotExists | targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 1 | 0 | 1 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) | abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 | Joe Dalton | 03/11/2022 07:44:46 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/11/2022 08:14:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | test01 | test01 | thisScope Mg | false | false | myPipelinePolicy | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 | Policy | Custom | Cache | false | Audit | effect=Audit | Default | 0 | 0 | 0 | 0 | 0 | none | assmgtest01 | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 | n/a | 10/27/2021 14:40:15 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 | ||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 0 | 0 | 0 | 0 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Network interfaces should disable IP forwarding | This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. | /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 | Policy | BuiltIn | Network | False | deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-IP-Forwarding | Deny-IP-Forwarding | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Kubernetes clusters should not allow container privilege escalation | Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Escalations-AKS | Deny-Privileged-Escalations-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Kubernetes cluster should not allow privileged containers | Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Containers-AKS | Deny-Privileged-Containers-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | RDP access from the Internet should be blocked | This policy denies any network security rule that allows RDP access from Internet | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet | Policy | Custom | Network | true | Deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-RDP-from-Internet | Deny-RDP-from-Internet | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Secure transfer to storage accounts should be enabled | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 | Policy | BuiltIn | Storage | False | Audit | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Secure-Storage | Enforce-Secure-Storage | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 01/25/2021 22:26:59 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Subnets should have a Network Security Group | This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg | Policy | Custom | Network | true | Deny | Default | 1 | 0 | 1 | 0 | 0 | none | Deny-Subnet-Without-Nsg | Deny-Subnet-Without-Nsg | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Deploy Azure Policy Add-on to Azure Kubernetes Service clusters | Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. | /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 | Policy | BuiltIn | Kubernetes | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) | Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) | Deploy-AKS-Policy | Deploy-AKS-Policy | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy | n/a | 01/10/2021 20:58:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 | Policy | BuiltIn | SQL | False | AuditIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) | Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) | Deploy-SQL-Audit | Deploy-SQL-Audit | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing | n/a | 01/10/2021 20:58:36 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy | Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. | /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 | Policy | BuiltIn | Backup | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) | Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) | Deploy-VM-Backup | Deploy-VM-Backup | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup | n/a | 01/10/2021 20:58:34 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Kubernetes clusters should be accessible only over HTTPS | Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc | /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Https-Ingress-AKS | Enforce-Https-Ingress-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope Mg | false | false | Deploy SQL DB transparent data encryption | Enables transparent data encryption on SQL databases | /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f | Policy | BuiltIn | SQL | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) | Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) | Deploy-SQL-Security | Deploy-SQL-Security | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 45 | 9 | 17 | 1 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 2 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 2 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 2 | 4 | 2 | 8 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 2 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 34 | 7 | 9 | 1 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 1 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 1 | 3 | 1 | 4 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | thisScope Mg | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 | Joe Dalton | 05/05/2021 19:52:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | thisScope Mg | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | APA Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 | n/a | 07/06/2021 09:42:48 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | thisScope Mg | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | APA2 Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 | n/a | 07/06/2021 10:32:34 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | thisScope Mg | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | APA3 Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 | n/a | 07/06/2021 11:59:31 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 0 | 0 | 0 | 0 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 0 | 0 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) | 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) | 1234_APA_MG_RA_onSubReader | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 | Joe Dalton | 03/10/2022 15:03:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) | 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) | 1234_APA_MG_RA_onSubOwner | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 | Joe Dalton | 03/10/2022 13:32:29 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c | Default | 0 | 0 | 0 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) | a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) | 1234_APA_MG_RA_onSubContr | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f | Joe Dalton | 03/10/2022 13:33:42 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | false | false | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a | Policy | Custom | RBAC | false | deployIfNotExists | targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 0 | 0 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) | abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 | Joe Dalton | 03/11/2022 07:44:46 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/11/2022 08:14:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | false | false | myPipelinePolicy | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 | Policy | Custom | Cache | false | Audit | effect=Audit | Default | 0 | 0 | 0 | 0 | 0 | none | assmgtest01 | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 | n/a | 10/27/2021 14:40:15 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 | ||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 1 | 0 | 1 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) | 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) | 1234_APA_MG_RA_onSubReader | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 | Joe Dalton | 03/10/2022 15:03:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | Default | 0 | 1 | 0 | 1 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) | 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) | 1234_APA_MG_RA_onSubOwner | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 | Joe Dalton | 03/10/2022 13:32:29 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c | Default | 0 | 1 | 0 | 1 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) | a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) | 1234_APA_MG_RA_onSubContr | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f | Joe Dalton | 03/10/2022 13:33:42 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | false | false | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a | Policy | Custom | RBAC | false | deployIfNotExists | targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 1 | 0 | 1 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) | abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 | Joe Dalton | 03/11/2022 07:44:46 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/11/2022 08:14:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | false | false | myPipelinePolicy | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 | Policy | Custom | Cache | false | Audit | effect=Audit | Default | 0 | 0 | 0 | 0 | 0 | none | assmgtest01 | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 | n/a | 10/27/2021 14:40:15 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 | ||||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 1 | 0 | 1 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) | 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) | 1234_APA_MG_RA_onSubReader | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 | Joe Dalton | 03/10/2022 15:03:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | Default | 0 | 1 | 0 | 1 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) | 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) | 1234_APA_MG_RA_onSubOwner | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 | Joe Dalton | 03/10/2022 13:32:29 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | false | false | 1234_AP_MG_RA_onSub | 1234_AP_MG_RA_onSub | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c | Policy | Custom | n/a | false | deployIfNotExists | targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c | Default | 0 | 1 | 0 | 1 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) | a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) | 1234_APA_MG_RA_onSubContr | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f | Joe Dalton | 03/10/2022 13:33:42 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | false | false | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a | Policy | Custom | RBAC | false | deployIfNotExists | targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 1 | 0 | 1 | 0 | 0 | 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) | abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) | My_AP_MG_raOnSub | no description given | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 | Joe Dalton | 03/11/2022 07:44:46 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/11/2022 08:14:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | false | false | myPipelinePolicy | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 | Policy | Custom | Cache | false | Audit | effect=Audit | Default | 0 | 0 | 0 | 0 | 0 | none | assmgtest01 | TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 | n/a | 10/27/2021 14:40:15 | ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 | ||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | VM should have a managed disk | 0 | 0 | 0 | 0 | 0 | none | Audit VMs that do not use managed disks | auditing that virtual machines use managed disk(s) | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/988739f361d84a989dfa087e | n/a | 12/31/2021 10:03:35 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 12/31/2021 10:36:38 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | ||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | false | false | Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances | Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. | /providers/microsoft.authorization/policysetdefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 0 | 0 | 0 | 0 | 0 | none | ASC DataProtection (subscription: a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2) | This policy assignment was automatically created by Azure Security Center | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/dataprotectionsecuritycenter | Security Center | 11/04/2021 06:36:03 | ObjectType: SP App EXT, ObjectDisplayName: Windows Azure Security Resource Provider, ObjectSignInName: n/a, ObjectId: 9ac4e379-ffb1-4e2c-ac89-3752d019abfd (rp) | |||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | false | false | DiagSubscriptionsDim | no description given | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/68b79a92-8932-4f15-88a6-0ed2675fa157 | Policy | Custom | n/a | false | DeployIfNotExists | Alert=False, Autoscale=False, Policy=False, Recommendation=False, ResourceHealth=False, ServiceHealth=False, workspaceId=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 1 | 0 | 1 | 0 | Log Analytics Contributor (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/a11b5e6d-bb3d-43ea-8009-733bc510f16b), Log Analytics Contributor (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/8a2c62a5-a882-4427-af78-6c7af11325fa) | e184b6792089442786621cfe (SPObjId: 71f8ba53-97da-4880-8d02-8b22176c9317) | DiagSubscriptionsDim | no description given | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe | Joe Dalton | 06/24/2022 15:46:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| RG | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub RG | false | false | Flow logs should be enabled for every network security group | Audit for flow log resources to verify if flow log status is enabled. Enabling flow logs allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more. | /providers/microsoft.authorization/policydefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be | Policy | BuiltIn | Network | False | Audit | Default | flow logs should be enabled | 0 | 0 | 0 | 0 | 0 | none | Flow logs should be enabled for every network security group | no description given | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/prod_p1/providers/microsoft.authorization/policyassignments/f43bb064dd1e4745814be533 | Joe Dalton | 12/31/2021 13:58:35 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| Mg | CUST_T5 | CUST_T5 atz | thisScope Mg | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | APA Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policyassignments/aa4f4fdfd3b04fb3962a9da9 | Joe Dalton | 07/15/2021 15:16:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH-sandboxes | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 | Joe Dalton | 05/05/2021 19:52:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH-sandboxes | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | APA Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 | n/a | 07/06/2021 09:42:48 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH-sandboxes | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | APA2 Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 | n/a | 07/06/2021 10:32:34 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH-sandboxes | false | false | Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d | Policy | BuiltIn | Compute | False | audit | Default | 0 | 0 | 0 | 0 | 0 | none | APA3 Audit VMs that do not use managed disks | no description given | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 | n/a | 07/06/2021 11:59:31 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 0 | 0 | 0 | 0 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | ESJH-management | ESJH-management | thisScope Mg | false | false | Deploy the Log Analytics in the subscription | Deploys Log Analytics and Automation account to the subscription where the policy is assigned. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics | Policy | Custom | Monitoring | true | DeployIfNotExists | automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) | Deploy-Log-Analytics (SPObjId: 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) | Deploy-Log-Analytics | Deploy-Log-Analytics | /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics | n/a | 01/10/2021 20:58:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 34 | 7 | 9 | 1 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 1 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 1 | 3 | 1 | 4 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-management | ESJH-management | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH-management | false | false | Deploy the Log Analytics in the subscription | Deploys Log Analytics and Automation account to the subscription where the policy is assigned. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics | Policy | Custom | Monitoring | true | DeployIfNotExists | automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) | Deploy-Log-Analytics (SPObjId: 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) | Deploy-Log-Analytics | Deploy-Log-Analytics | /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics | n/a | 01/10/2021 20:58:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 34 | 7 | 9 | 1 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 1 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 1 | 3 | 1 | 4 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| Sub | ESJH-management | ESJH-management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | management | thisScope Sub | false | false | 1234_API_MG_RA_onRG_(1234_RG_CUST) | Creates RoleAssigment on RG | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) | PolicySet | Custom | 1234_RgRoleAssignment | false | n/a | aadObjectIdGroup=2aa667c2-7395-404a-8000-3f7b675680d4, aadObjectIdServicePrincipal=506ae68a-a1f7-42f7-9285-c54ef56a3006, roleDefinitionIdGroup=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c, roleDefinitionIdServicePrincipal=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9) | 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 (SPObjId: 266be8b1-7aa5-466c-b0d0-8010d97473c4) | no description given | /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 | n/a | 09/15/2021 12:33:38 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | ||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Network interfaces should disable IP forwarding | This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. | /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 | Policy | BuiltIn | Network | False | deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-IP-Forwarding | Deny-IP-Forwarding | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Kubernetes clusters should not allow container privilege escalation | Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Escalations-AKS | Deny-Privileged-Escalations-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Kubernetes cluster should not allow privileged containers | Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Containers-AKS | Deny-Privileged-Containers-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | RDP access from the Internet should be blocked | This policy denies any network security rule that allows RDP access from Internet | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet | Policy | Custom | Network | true | Deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-RDP-from-Internet | Deny-RDP-from-Internet | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Secure transfer to storage accounts should be enabled | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 | Policy | BuiltIn | Storage | False | Audit | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Secure-Storage | Enforce-Secure-Storage | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 01/25/2021 22:26:59 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Subnets should have a Network Security Group | This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg | Policy | Custom | Network | true | Deny | Default | 1 | 0 | 1 | 0 | 0 | none | Deny-Subnet-Without-Nsg | Deny-Subnet-Without-Nsg | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Deploy Azure Policy Add-on to Azure Kubernetes Service clusters | Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. | /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 | Policy | BuiltIn | Kubernetes | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) | Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) | Deploy-AKS-Policy | Deploy-AKS-Policy | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy | n/a | 01/10/2021 20:58:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 | Policy | BuiltIn | SQL | False | AuditIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) | Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) | Deploy-SQL-Audit | Deploy-SQL-Audit | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing | n/a | 01/10/2021 20:58:36 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy | Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. | /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 | Policy | BuiltIn | Backup | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) | Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) | Deploy-VM-Backup | Deploy-VM-Backup | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup | n/a | 01/10/2021 20:58:34 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Kubernetes clusters should be accessible only over HTTPS | Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc | /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Https-Ingress-AKS | Enforce-Https-Ingress-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH-landingzones | false | false | Deploy SQL DB transparent data encryption | Enables transparent data encryption on SQL databases | /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f | Policy | BuiltIn | SQL | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) | Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) | Deploy-SQL-Security | Deploy-SQL-Security | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 45 | 9 | 17 | 1 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 2 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 2 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 2 | 4 | 2 | 8 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Mg | ESJH-online | ESJH-online | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 2 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Network interfaces should disable IP forwarding | This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. | /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 | Policy | BuiltIn | Network | False | deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-IP-Forwarding | Deny-IP-Forwarding | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Kubernetes clusters should not allow container privilege escalation | Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Escalations-AKS | Deny-Privileged-Escalations-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Kubernetes cluster should not allow privileged containers | Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Containers-AKS | Deny-Privileged-Containers-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | RDP access from the Internet should be blocked | This policy denies any network security rule that allows RDP access from Internet | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet | Policy | Custom | Network | true | Deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-RDP-from-Internet | Deny-RDP-from-Internet | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | true | false | Secure transfer to storage accounts should be enabled | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 | Policy | BuiltIn | Storage | False | Audit | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Secure-Storage | Enforce-Secure-Storage | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 01/25/2021 22:26:59 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Subnets should have a Network Security Group | This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg | Policy | Custom | Network | true | Deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Subnet-Without-Nsg | Deny-Subnet-Without-Nsg | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Deploy Azure Policy Add-on to Azure Kubernetes Service clusters | Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. | /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 | Policy | BuiltIn | Kubernetes | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) | Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) | Deploy-AKS-Policy | Deploy-AKS-Policy | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy | n/a | 01/10/2021 20:58:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 | Policy | BuiltIn | SQL | False | AuditIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) | Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) | Deploy-SQL-Audit | Deploy-SQL-Audit | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing | n/a | 01/10/2021 20:58:36 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy | Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. | /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 | Policy | BuiltIn | Backup | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) | Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) | Deploy-VM-Backup | Deploy-VM-Backup | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup | n/a | 01/10/2021 20:58:34 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Kubernetes clusters should be accessible only over HTTPS | Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc | /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Https-Ingress-AKS | Enforce-Https-Ingress-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH-landingzones | false | false | Deploy SQL DB transparent data encryption | Enables transparent data encryption on SQL databases | /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f | Policy | BuiltIn | SQL | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) | Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) | Deploy-SQL-Security | Deploy-SQL-Security | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 37 | 7 | 10 | 1 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 1 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 1 | 2 | 1 | 3 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | thisScope Sub | false | false | 1234_API_MG_RA_onRG_(1234_RG_CUST) | Creates RoleAssigment on RG | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) | PolicySet | Custom | 1234_RgRoleAssignment | false | n/a | aadObjectIdGroup=2aa667c2-7395-404a-8000-3f7b675680d4, aadObjectIdServicePrincipal=506ae68a-a1f7-42f7-9285-c54ef56a3006, roleDefinitionIdGroup=/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c, roleDefinitionIdServicePrincipal=/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 2 | 0 | 1 | 0 | Owner (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8) | 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f (SPObjId: 06683a54-86ee-4248-9c50-4b3c47b855be) | no description given | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f | n/a | 09/14/2021 16:55:57 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | thisScope Sub | false | false | [Deprecated]: Function App should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 | Policy | BuiltIn | Security Center | False | AuditIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | none | testDeprecatedAssignment | no description given | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d | n/a | 07/18/2021 15:09:28 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||
| Sub | ESJH-online | ESJH-online | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | landingZone | thisScope Sub | false | false | Audit virtual machines without disaster recovery configured | Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. | /providers/microsoft.authorization/policydefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 | Policy | BuiltIn | Compute | False | auditIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | none | Audit virtual machines without disaster recovery configured | no description given | /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcee1466e4fc4114b5e5f03d | Joe Dalton | 06/16/2021 16:07:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Network interfaces should disable IP forwarding | This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. | /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 | Policy | BuiltIn | Network | False | deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-IP-Forwarding | Deny-IP-Forwarding | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Kubernetes clusters should not allow container privilege escalation | Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Escalations-AKS | Deny-Privileged-Escalations-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Kubernetes cluster should not allow privileged containers | Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. | /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-Privileged-Containers-AKS | Deny-Privileged-Containers-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | RDP access from the Internet should be blocked | This policy denies any network security rule that allows RDP access from Internet | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet | Policy | Custom | Network | true | Deny | Default | 0 | 0 | 0 | 0 | 0 | none | Deny-RDP-from-Internet | Deny-RDP-from-Internet | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Secure transfer to storage accounts should be enabled | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 | Policy | BuiltIn | Storage | False | Audit | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Secure-Storage | Enforce-Secure-Storage | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 01/25/2021 22:26:59 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Subnets should have a Network Security Group | This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg | Policy | Custom | Network | true | Deny | Default | 1 | 0 | 1 | 0 | 0 | none | Deny-Subnet-Without-Nsg | Deny-Subnet-Without-Nsg | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg | n/a | 01/10/2021 20:58:32 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Deploy Azure Policy Add-on to Azure Kubernetes Service clusters | Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. | /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 | Policy | BuiltIn | Kubernetes | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) | Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) | Deploy-AKS-Policy | Deploy-AKS-Policy | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy | n/a | 01/10/2021 20:58:37 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 | Policy | BuiltIn | SQL | False | AuditIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) | Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) | Deploy-SQL-Audit | Deploy-SQL-Audit | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing | n/a | 01/10/2021 20:58:36 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy | Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. | /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 | Policy | BuiltIn | Backup | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) | Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) | Deploy-VM-Backup | Deploy-VM-Backup | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup | n/a | 01/10/2021 20:58:34 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Kubernetes clusters should be accessible only over HTTPS | Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc | /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d | Policy | BuiltIn | Kubernetes | False | deny | effect=deny | Default | 0 | 0 | 0 | 0 | 0 | none | Enforce-Https-Ingress-AKS | Enforce-Https-Ingress-AKS | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH-landingzones | false | false | Deploy SQL DB transparent data encryption | Enables transparent data encryption on SQL databases | /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f | Policy | BuiltIn | SQL | False | DeployIfNotExists | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) | Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) | Deploy-SQL-Security | Deploy-SQL-Security | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption | n/a | 01/10/2021 20:58:33 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Azure Security Benchmark | The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. | /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 | PolicySet | BuiltIn | Security Center | False | n/a | Default | 38 | 4 | 7 | 0 | 0 | none | ASC-Monitoring | ASC-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring | n/a | 01/10/2021 21:00:45 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Deploy Azure Defender settings in Azure Security Center. | Deploys the Azure Defender settings in Azure Security Center for the specific services. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard | Policy | Custom | Security Center | true | DeployIfNotExists | pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard | Default | 1 | 0 | 1 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) | Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) | Deploy-ASC-Defender | Deploy-ASC-Defender | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Deploy Diagnostic Settings for Activity Log to Log Analytics workspace | Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog | Policy | Custom | Monitoring | true | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) | Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) | Deploy-AzActivity-Log | Deploy-AzActivity-Log | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date | /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) | Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) | Deploy-Linux-Arc-Monitoring | Deploy-Linux-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Deploy Diagnostic Settings to Azure Services | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics | PolicySet | Custom | Monitoring | true | n/a | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 1 | 3 | 1 | 5 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) | Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) | Deploy-Resource-Diag | Deploy-Resource-Diag | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Legacy - Enable Azure Monitor for VMs | Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) | /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) | Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) | Deploy-VM-Monitoring | Deploy-VM-Monitoring v2 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring | n/a | 01/10/2021 21:00:44 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | 07/09/2021 16:04:52 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Legacy - Enable Azure Monitor for Virtual Machine Scale Sets | Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad | PolicySet | BuiltIn | Monitoring | False | n/a | logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) | Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) | Deploy-VMSS-Monitoring | Deploy-VMSS-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Configure Log Analytics extension on Azure Arc enabled Windows servers | Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. | /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 | Policy | BuiltIn | Monitoring | False | DeployIfNotExists | logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 | Default | 0 | 0 | 0 | 0 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) | Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) | Deploy-Windows-Arc-Monitoring | Deploy-Windows-Arc-Monitoring | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring | n/a | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||
| Sub | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | inherited ESJH | false | false | Enforce Role assignment at Subscription Scope | This Policy definition will enforce a RBAC Role assignment at Subscription scope. | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope | Policy | Custom | n/a | false | deployIfNotExists | targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 | Default | 0 | 1 | 0 | 1 | 0 | Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) | enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) | no description given | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 | n/a | 03/16/2022 23:28:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| RG | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | thisScope Sub RG | false | false | Deny the creation of private DNS - cust | This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb | Policy | Custom | Network-custom | true | Deny | Default | creation of private DNS prohibited | 0 | 0 | 0 | 0 | 0 | none | Deny the creation of private DNS - cust | no description given | /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/d1212de8a8fd4184a8965eea | Joe Dalton | 05/02/2022 07:02:22 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| RG | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | thisScope Sub RG | false | false | API - Deny the creation of private DNS - cust | no description given | /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f | PolicySet | Custom | Network-custom | false | n/a | Default | 0 | 0 | 0 | 0 | 0 | none | API - Deny the creation of private DNS - cust | no description given | /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/fab7aac62c1d419d87835c61 | Joe Dalton | 05/02/2022 07:08:06 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| RG | ESJH-online | ESJH-online | 20217969-e578-4e91-beea-9bcf18b05a7e | payg1 | thisScope Sub RG | false | false | 1234Deny-ra-if-SPObjectId | no description given | /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/policydefinitions/8a9070c4-7eec-4b78-b044-62c20a06d1de | Policy | Custom | n/a | false | deny | Default | 1 | 0 | 1 | 0 | 0 | none | 1234Deny-ra-if-SPObjectId | no description given | /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/policyassignments/fa0ac64635d34f42b8e052ba | Joe Dalton | 03/17/2022 15:07:17 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a |
Download CSV semicolon | comma
| Role Name | RoleId | Assignable Scopes | Data | CreatedOn | CreatedBy | UpdatedOn | UpdatedBy |
|---|---|---|---|---|---|---|---|
| 1234 PolicyAutomation 4rbacOnSubTest | 685f2869-7bab-4ecd-9826-ade9cd454354 | 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) | false | 03/10/2022 07:28:00 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| 1234 RoleAssignment | bd9c9644-eade-4ab3-aaef-ac26fa369586 | 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) | false | 08/31/2021 06:10:14 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) | false | 03/10/2022 13:28:32 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 03/11/2022 07:49:42 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a |
| Contributor-0433 | fcce8aa9-b8ea-4d43-a930-af0cf1fdbc55 | 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e) | false | 05/02/2022 05:05:18 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| CustRole_P_9982_176 | 6b44d6da-5658-444e-a36d-ce64b14011ab | 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) | false | 05/18/2021 18:03:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 05/18/2021 18:23:40 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 |
| CustRole_P_9982_178 | fc14b032-e6e8-440b-a328-f55918e8c83e | 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) | false | 06/16/2021 10:10:06 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| Task4638Role | 8808ebf9-4602-4635-a9b8-6c0f002695be | 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) | false | 01/25/2021 22:22:09 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | ||
| test_ReaderRestricted | 5cceafe8-fd60-4928-8fd3-c936158ad756 | 1 (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2) | false | 12/31/2021 11:21:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| testRole3366 | f548f1ea-48f1-4a74-9061-b5dacacf514a | 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) | false | 07/18/2021 15:22:38 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | 07/19/2021 19:45:44 | ObjectType: User Member, ObjectDisplayName: Jack Dalton, ObjectSignInName: JackDalton@AzGovViz.onmicrosoft.com, ObjectId: c64d2776-a210-428f-b54f-a4a5dd7f8ef8 |
| testRole3367 | f7028056-3a12-43ac-a499-0d1844a02240 | 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) | false | 08/04/2021 15:34:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||
| testRole3368 | 08a2d627-a94e-461e-8350-432b457d00a3 | 1 (/providers/microsoft.management/managementgroups/esjhdev) | false | 08/04/2021 15:36:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a |
Download CSV semicolon | comma
| Role Name | RoleId | Assignable Scopes |
|---|---|---|
| 1234 PolicyAutomation 4rbacOnSubTest | 685f2869-7bab-4ecd-9826-ade9cd454354 | 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) |
| 1234 RoleAssignment | bd9c9644-eade-4ab3-aaef-ac26fa369586 | 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) |
| Contributor-0433 | fcce8aa9-b8ea-4d43-a930-af0cf1fdbc55 | 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e) |
| CustRole_P_9982_176 | 6b44d6da-5658-444e-a36d-ce64b14011ab | 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) |
| CustRole_P_9982_178 | fc14b032-e6e8-440b-a328-f55918e8c83e | 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) |
| Task4638Role | 8808ebf9-4602-4635-a9b8-6c0f002695be | 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) |
| test_ReaderRestricted | 5cceafe8-fd60-4928-8fd3-c936158ad756 | 1 (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2) |
| testRole3366 | f548f1ea-48f1-4a74-9061-b5dacacf514a | 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) |
| testRole3367 | f7028056-3a12-43ac-a499-0d1844a02240 | 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) |
| testRole3368 | 08a2d627-a94e-461e-8350-432b457d00a3 | 1 (/providers/microsoft.management/managementgroups/esjhdev) |
Download CSV semicolon | comma
| Role AssignmentId | Role Name | RoleId | Impacted Mg/Sub |
|---|---|---|---|
| /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Mg: 14; Sub: 4 |
| /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Mg: 3; Sub: 1 |
Download CSV semicolon | comma
| Subscription | SubscriptionId | MgPath | Role | Identity |
|---|---|---|---|---|
| landingZone | 4dfa3b56-55bf-4059-802a-24e44a4fb60f | 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f | ServiceAdministrator | its.joe.dalton@azgovviz.net |
| management | f28ba982-5ed0-4033-9bdf-e45e4b5df466 | 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 | ServiceAdministrator | its.joe.dalton@azgovviz.net |
| payg0 | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | ServiceAdministrator | its.joe.dalton@azgovviz.net |
Download CSV semicolon | comma
*Depending on the number of rows and your computer´s performance the table may respond with delay, download the csv for better filtering experience
*Depending on the number of rows and your computer´s performance the table may respond with delay, download the csv for better filtering experience
| Scope | Management Group Id | Management Group Name | SubscriptionId | Subscription Name | Assignment Scope | Role | Role Id | Role Type | Data | Can do Role assignment | Identity Displayname | Identity SignInName | Identity ObjectId | Identity Type | Applicability | Applies through membership | Group Details | PIM | PIM assignment type | PIM start | PIM end | Role AssignmentId | Related Policy Assignment | CreatedOn | CreatedBy |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Ten | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | 896470ca-9c6e-4176-9b38-5a655403c638 | Tenant Root Group | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJH | ESJH | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJH | ESJH | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VM-Monitoring | n/a | 065dde0b-5eab-4fce-80ee-ec956e94c498 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-AzActivity-Log | n/a | 1691aa06-da2e-43f0-98f9-af12494603a9 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-ASC-Security | n/a | 4cb4c797-237b-4e64-b2cf-66f841700442 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 | none | 01/10/2021 20:55:50 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | enforce0 | n/a | 79d69f2f-2fbe-409e-84c3-3e510c18fd16 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) | 03/16/2022 23:57:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-LX-Arc-Monitoring | n/a | 9ed01b2b-9311-41a8-8897-0a329047be49 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VMSS-Monitoring | n/a | a3a4908f-b068-455e-a3f5-38cc5e00448f | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-WS-Arc-Monitoring | n/a | b0bdcb08-09c9-4d9d-957e-963d255e7220 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH | ESJH | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-Resource-Diag | n/a | e51576ad-748d-462b-9d70-cb3b03e6c2e6 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJHDEV | ESJHDEV | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJHDEV | ESJHDEV | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHDEV | ESJHDEV | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/esjhdev/providers/microsoft.authorization/roleassignments/983c43f8-1c29-4c73-9816-b69d38226be4 | none | 07/06/2021 13:09:24 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJHQA | ESJHQA | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJHQA | ESJHQA | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJHQA | ESJHQA | thisScope MG | Security Reader | 39bc4728-0917-49c7-9d2c-d95423bc2eb4 | Builtin | false | False | group04NoMembers | n/a | 5f90ced2-7d5e-493b-9db6-862b9332e20a | Group | direct | 0 (Usr: 0, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/e010f291-49a9-4d4b-be4d-55c6aeb164cd | none | 08/06/2021 09:30:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | ESJHQA | ESJHQA | thisScope MG | Log Analytics Reader | 73c42c96-874c-492b-b04d-ab87d138a893 | Builtin | false | False | group04NoMembers | n/a | 5f90ced2-7d5e-493b-9db6-862b9332e20a | Group | indirect | group05OneMemberGroupWithNoMembers (c57f8838-1603-4932-b3c4-9572feea9173) | 1 (Usr: 0, Grp: 1, SP: 0) | False | /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 | none | 08/06/2021 09:30:52 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | ESJHQA | ESJHQA | thisScope MG | Log Analytics Reader | 73c42c96-874c-492b-b04d-ab87d138a893 | Builtin | false | False | group05OneMemberGroupWithNoMembers | n/a | c57f8838-1603-4932-b3c4-9572feea9173 | Group | direct | 1 (Usr: 0, Grp: 1, SP: 0) | False | /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 | none | 08/06/2021 09:30:52 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | ESJHQA | ESJHQA | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 | none | 07/06/2021 10:02:27 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | test01 | test01 | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | test01 | test01 | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | thisScope MG | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | MS-PIM | n/a | f70514be-80e6-46e8-b985-ce72f5ee8e09 | SP APP EXT | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 | none | 04/27/2022 21:29:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | n/a | n/a | 604ec94a-0860-478f-bc42-a2b599f1a505 | Unknown | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f | none | 03/09/2022 16:37:12 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 | none | 10/27/2021 14:29:28 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | test01 | test01 | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Calamity Jane | Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com | 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 | User Guest | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a | none | 04/27/2022 21:30:12 | ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09 | |||||||
| Mg | test01 | test01 | thisScope MG | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | 1234-SubOwner | n/a | 7d6d814f-5955-4ec8-ae38-f5211298aa2f | Group | direct | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01 | test01 | thisScope MG | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | indirect | 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01 | test01 | thisScope MG | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 1b5ac3236f0246ef83a14435 | n/a | 04b9b3f5-86a7-48cf-85fd-cce9468568db | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) | 03/10/2022 15:03:14 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | thisScope MG | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | a2d9426ccece4000b889c72f | n/a | 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) | 03/10/2022 13:33:47 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | thisScope MG | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | abe0212187e243e89ce5a623 | n/a | 41d30710-9d12-4361-ad69-ad313b2c427c | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) | 03/11/2022 07:44:51 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01 | test01 | thisScope MG | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 5f9ec45db52f479e940fc150 | n/a | 84a55248-e141-4ea6-b6ad-23791f5e8980 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) | 03/10/2022 13:32:32 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VM-Monitoring | n/a | 065dde0b-5eab-4fce-80ee-ec956e94c498 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-AzActivity-Log | n/a | 1691aa06-da2e-43f0-98f9-af12494603a9 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-ASC-Security | n/a | 4cb4c797-237b-4e64-b2cf-66f841700442 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 | none | 01/10/2021 20:55:50 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | enforce0 | n/a | 79d69f2f-2fbe-409e-84c3-3e510c18fd16 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) | 03/16/2022 23:57:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-LX-Arc-Monitoring | n/a | 9ed01b2b-9311-41a8-8897-0a329047be49 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VMSS-Monitoring | n/a | a3a4908f-b068-455e-a3f5-38cc5e00448f | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-WS-Arc-Monitoring | n/a | b0bdcb08-09c9-4d9d-957e-963d255e7220 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-Resource-Diag | n/a | e51576ad-748d-462b-9d70-cb3b03e6c2e6 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Ten | ESJH-decommissioned | ESJH-decommissioned | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJH-decommissioned | ESJH-decommissioned | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | thisScope MG | Security Reader | 39bc4728-0917-49c7-9d2c-d95423bc2eb4 | Builtin | false | False | Jesse James | Jesse.James@AzGovViz.onmicrosoft.com | 6f71f3b7-98e1-4821-8116-13b41476ef84 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/9bdf3098-8e69-4e98-bd8c-22b991783b10 | none | 06/16/2021 09:52:59 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-decommissioned | ESJH-decommissioned | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/81bb9ace-a96d-47ab-b9a2-8952e655aa0c | none | 01/10/2021 20:56:27 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VM-Monitoring | n/a | 065dde0b-5eab-4fce-80ee-ec956e94c498 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-AzActivity-Log | n/a | 1691aa06-da2e-43f0-98f9-af12494603a9 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-ASC-Security | n/a | 4cb4c797-237b-4e64-b2cf-66f841700442 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 | none | 01/10/2021 20:55:50 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | enforce0 | n/a | 79d69f2f-2fbe-409e-84c3-3e510c18fd16 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) | 03/16/2022 23:57:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-LX-Arc-Monitoring | n/a | 9ed01b2b-9311-41a8-8897-0a329047be49 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VMSS-Monitoring | n/a | a3a4908f-b068-455e-a3f5-38cc5e00448f | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-WS-Arc-Monitoring | n/a | b0bdcb08-09c9-4d9d-957e-963d255e7220 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-Resource-Diag | n/a | e51576ad-748d-462b-9d70-cb3b03e6c2e6 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Ten | ESJH-landingzones | ESJH-landingzones | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJH-landingzones | ESJH-landingzones | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Enforce-SQL-Encryption | n/a | 34520a11-7b14-46a8-ac34-7d766959460a | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) | 01/10/2021 20:58:36 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-SQL-DB-Auditing | n/a | 4f3a2551-ea2f-43c6-9623-8950156d19b7 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) | 01/10/2021 20:58:39 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 | none | 01/10/2021 20:56:27 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VM-Backup | n/a | e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) | 01/10/2021 20:58:36 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-AKS-Policy | n/a | fb0a7498-393f-434d-aa93-2acd144f489f | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) | 01/10/2021 20:58:39 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Calamity Jane | Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com | 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 | User Guest | indirect | 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 | none | 01/25/2021 22:02:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | ESJH-landingzones | ESJH-landingzones | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | 3rdPartyStaff | n/a | cb036073-f86b-46e1-9726-1eaccb62a678 | Group | direct | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 | none | 01/25/2021 22:02:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VM-Monitoring | n/a | 065dde0b-5eab-4fce-80ee-ec956e94c498 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-AzActivity-Log | n/a | 1691aa06-da2e-43f0-98f9-af12494603a9 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-ASC-Security | n/a | 4cb4c797-237b-4e64-b2cf-66f841700442 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 | none | 01/10/2021 20:55:50 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | enforce0 | n/a | 79d69f2f-2fbe-409e-84c3-3e510c18fd16 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) | 03/16/2022 23:57:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-LX-Arc-Monitoring | n/a | 9ed01b2b-9311-41a8-8897-0a329047be49 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VMSS-Monitoring | n/a | a3a4908f-b068-455e-a3f5-38cc5e00448f | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-WS-Arc-Monitoring | n/a | b0bdcb08-09c9-4d9d-957e-963d255e7220 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-platform | ESJH-platform | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-Resource-Diag | n/a | e51576ad-748d-462b-9d70-cb3b03e6c2e6 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Ten | ESJH-platform | ESJH-platform | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJH-platform | ESJH-platform | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-platform | ESJH-platform | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 | none | 01/10/2021 20:56:28 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VM-Monitoring | n/a | 065dde0b-5eab-4fce-80ee-ec956e94c498 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-AzActivity-Log | n/a | 1691aa06-da2e-43f0-98f9-af12494603a9 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-ASC-Security | n/a | 4cb4c797-237b-4e64-b2cf-66f841700442 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 | none | 01/10/2021 20:55:50 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | enforce0 | n/a | 79d69f2f-2fbe-409e-84c3-3e510c18fd16 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) | 03/16/2022 23:57:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-LX-Arc-Monitoring | n/a | 9ed01b2b-9311-41a8-8897-0a329047be49 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VMSS-Monitoring | n/a | a3a4908f-b068-455e-a3f5-38cc5e00448f | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-WS-Arc-Monitoring | n/a | b0bdcb08-09c9-4d9d-957e-963d255e7220 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-Resource-Diag | n/a | e51576ad-748d-462b-9d70-cb3b03e6c2e6 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Ten | ESJH-sandboxes | ESJH-sandboxes | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | ESJH-sandboxes | ESJH-sandboxes | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f | none | 01/10/2021 20:56:28 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | ESJH-sandboxes | ESJH-sandboxes | thisScope MG | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 | none | 07/05/2021 08:20:09 | ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | test01-APAC_ID | test01-APAC | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | test01-APAC_ID | test01-APAC | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | MS-PIM | n/a | f70514be-80e6-46e8-b985-ce72f5ee8e09 | SP APP EXT | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 | none | 04/27/2022 21:29:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | n/a | n/a | 604ec94a-0860-478f-bc42-a2b599f1a505 | Unknown | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f | none | 03/09/2022 16:37:12 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 | none | 10/27/2021 14:29:28 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Calamity Jane | Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com | 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 | User Guest | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a | none | 04/27/2022 21:30:12 | ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09 | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | 1234-SubOwner | n/a | 7d6d814f-5955-4ec8-ae38-f5211298aa2f | Group | direct | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | indirect | 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 1b5ac3236f0246ef83a14435 | n/a | 04b9b3f5-86a7-48cf-85fd-cce9468568db | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) | 03/10/2022 15:03:14 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | a2d9426ccece4000b889c72f | n/a | 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) | 03/10/2022 13:33:47 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | abe0212187e243e89ce5a623 | n/a | 41d30710-9d12-4361-ad69-ad313b2c427c | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) | 03/11/2022 07:44:51 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 5f9ec45db52f479e940fc150 | n/a | 84a55248-e141-4ea6-b6ad-23791f5e8980 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) | 03/10/2022 13:32:32 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-APAC_ID | test01-APAC | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/test01-apac_id/providers/microsoft.authorization/roleassignments/d53a075b-ed91-4ece-b9e4-86c5a57d50bf | none | 01/31/2022 05:19:20 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | test01-EMEA_ID | test01-EMEA | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Ten | test01-EMEA_ID | test01-EMEA | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | MS-PIM | n/a | f70514be-80e6-46e8-b985-ce72f5ee8e09 | SP APP EXT | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 | none | 04/27/2022 21:29:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | n/a | n/a | 604ec94a-0860-478f-bc42-a2b599f1a505 | Unknown | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f | none | 03/09/2022 16:37:12 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 | none | 10/27/2021 14:29:28 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Calamity Jane | Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com | 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 | User Guest | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a | none | 04/27/2022 21:30:12 | ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09 | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | 1234-SubOwner | n/a | 7d6d814f-5955-4ec8-ae38-f5211298aa2f | Group | direct | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | indirect | 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 1b5ac3236f0246ef83a14435 | n/a | 04b9b3f5-86a7-48cf-85fd-cce9468568db | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) | 03/10/2022 15:03:14 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | a2d9426ccece4000b889c72f | n/a | 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) | 03/10/2022 13:33:47 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | abe0212187e243e89ce5a623 | n/a | 41d30710-9d12-4361-ad69-ad313b2c427c | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) | 03/11/2022 07:44:51 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 5f9ec45db52f479e940fc150 | n/a | 84a55248-e141-4ea6-b6ad-23791f5e8980 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) | 03/10/2022 13:32:32 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | thisScope MG | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32 | none | 12/31/2021 09:59:27 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Ten | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited Tenant | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 | none | 01/10/2021 20:27:23 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Ten | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited Tenant | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 | none | 01/10/2021 20:51:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | User Access Administrator | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 | Builtin | false | True | MS-PIM | n/a | f70514be-80e6-46e8-b985-ce72f5ee8e09 | SP APP EXT | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 | none | 04/27/2022 21:29:11 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | n/a | n/a | 604ec94a-0860-478f-bc42-a2b599f1a505 | Unknown | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f | none | 03/09/2022 16:37:12 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 | none | 10/27/2021 14:29:28 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Calamity Jane | Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com | 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 | User Guest | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a | none | 04/27/2022 21:30:12 | ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09 | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | 1234-SubOwner | n/a | 7d6d814f-5955-4ec8-ae38-f5211298aa2f | Group | direct | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | indirect | 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) | 1 (Usr: 1, Grp: 0, SP: 0) | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb | none | 03/10/2022 08:09:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 1b5ac3236f0246ef83a14435 | n/a | 04b9b3f5-86a7-48cf-85fd-cce9468568db | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) | 03/10/2022 15:03:14 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | a2d9426ccece4000b889c72f | n/a | 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) | 03/10/2022 13:33:47 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | abe0212187e243e89ce5a623 | n/a | 41d30710-9d12-4361-ad69-ad313b2c427c | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) | 03/11/2022 07:44:51 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01 | 1234 RoleAssignmentSubscriptionOwner | 1ee892e0-67a1-4b4c-b171-8c3a371692a9 | Custom | false | True | 5f9ec45db52f479e940fc150 | n/a | 84a55248-e141-4ea6-b6ad-23791f5e8980 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a | /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) | 03/10/2022 13:32:32 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | inherited test01-EMEA_ID | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32 | none | 12/31/2021 09:59:27 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | 1234-SubOwner | n/a | 7d6d814f-5955-4ec8-ae38-f5211298aa2f | Group | direct | 1 (Usr: 1, Grp: 0, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/970054de-6c25-5393-afcd-bef8453a50fd | none | 03/10/2022 18:47:54 | ObjectType: SP MI Sys, ObjectDisplayName: 5f9ec45db52f479e940fc150, ObjectSignInName: n/a, ObjectId: 84a55248-e141-4ea6-b6ad-23791f5e8980 | ||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | indirect | 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) | 1 (Usr: 1, Grp: 0, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/970054de-6c25-5393-afcd-bef8453a50fd | none | 03/10/2022 18:47:54 | ObjectType: SP MI Sys, ObjectDisplayName: 5f9ec45db52f479e940fc150, ObjectSignInName: n/a, ObjectId: 84a55248-e141-4ea6-b6ad-23791f5e8980 | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Log Analytics Contributor | 92aaf0da-9dab-42b6-94a3-d43ce8d16293 | Builtin | false | False | e184b6792089442786621cfe | n/a | 71f8ba53-97da-4880-8d02-8b22176c9317 | SP MI Sys | direct | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/a11b5e6d-bb3d-43ea-8009-733bc510f16b | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe (DiagSubscriptionsDim) | 06/24/2022 15:46:27 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | user00 | user00@AzGovViz.onmicrosoft.com | 05687e51-8ebb-4a06-9eae-9e9786f79090 | User Member | indirect | group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) | 6 (Usr: 4, Grp: 2, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 | none | 03/11/2022 07:52:51 | ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | mi4439 | n/a | 4b8bce68-e5f3-47d9-9420-66187e697c64 | SP MI Usr | direct | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/76c168f5-9ca6-4e1f-bc44-f7cf435a9e12 | none | 01/08/2022 16:38:03 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | group04NoMembers | n/a | 5f90ced2-7d5e-493b-9db6-862b9332e20a | Group | direct | 0 (Usr: 0, Grp: 0, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/d13dccbe-d20e-46c5-9459-fbff922e2b22 | none | 03/11/2022 07:33:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | ||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | group01 | n/a | 66f4e0b3-13af-4c93-ad43-67042ed760e5 | Group | indirect | group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) | 6 (Usr: 4, Grp: 2, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 | none | 03/11/2022 07:52:51 | ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | user01 | user01@AzGovViz.onmicrosoft.com | 7dd8e665-9277-4bbb-94f9-ff278ceff8c0 | User Member | indirect | group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) | 6 (Usr: 4, Grp: 2, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 | none | 03/11/2022 07:52:51 | ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | group02 | n/a | 903a7f87-c183-4962-8983-c793a77f18bf | Group | indirect | group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) | 6 (Usr: 4, Grp: 2, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 | none | 03/11/2022 07:52:51 | ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | group00 | n/a | c1916fdd-08d8-439e-a329-d540c6f002a8 | Group | direct | 6 (Usr: 4, Grp: 2, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 | none | 03/11/2022 07:52:51 | ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c | ||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | user03 | user03@AzGovViz.onmicrosoft.com | c472fa07-5319-4f5f-8bcd-00d4162bb8fd | User Member | indirect | group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) | 6 (Usr: 4, Grp: 2, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 | none | 03/11/2022 07:52:51 | ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | user02 | user02@AzGovViz.onmicrosoft.com | cb317eea-8af2-4cb8-bde5-516e0b951f1b | User Member | indirect | group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) | 6 (Usr: 4, Grp: 2, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 | none | 03/11/2022 07:52:51 | ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c | |||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | 1234-SubOwner | n/a | 7d6d814f-5955-4ec8-ae38-f5211298aa2f | Group | direct | 1 (Usr: 1, Grp: 0, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/9e637076-9509-527b-bd3f-0e6f82553205 | none | 03/10/2022 13:52:48 | ObjectType: SP MI Sys, ObjectDisplayName: a2d9426ccece4000b889c72f, ObjectSignInName: n/a, ObjectId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 | ||||
| Sub | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | indirect | 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) | 1 (Usr: 1, Grp: 0, SP: 0) | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/9e637076-9509-527b-bd3f-0e6f82553205 | none | 03/10/2022 13:52:48 | ObjectType: SP MI Sys, ObjectDisplayName: a2d9426ccece4000b889c72f, ObjectSignInName: n/a, ObjectId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 | |||
| RG | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub RG | Contributor | b24988ac-6180-42a0-ab88-20f7382dd24c | Builtin | false | False | William Dalton | william.dalton@AzGovViz.onmicrosoft.com | 3c99d2bc-12b3-4f4f-87a6-c673aed4628c | User Member | direct | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/dev_p1/providers/microsoft.authorization/roleassignments/c2c51f92-01fe-4a69-b508-1ec383a595f1 | none | 12/31/2021 13:54:48 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Res | test01-EMEA_ID | test01-EMEA | a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 | payg0 | thisScope Sub RG Res | Network Contributor | 4d97b98b-1d4f-4787-a291-c67834d212e7 | Builtin | false | False | William Dalton | william.dalton@AzGovViz.onmicrosoft.com | 3c99d2bc-12b3-4f4f-87a6-c673aed4628c | User Member | direct | False | /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/prod_p1/providers/microsoft.network/networksecuritygroups/nsgx_p1/providers/microsoft.authorization/roleassignments/b7794256-353c-4e73-89d1-d300ceb8cacd | none | 12/31/2021 13:57:18 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Resource Policy Contributor | 36243c78-bf99-498c-9df9-86d9f8d28608 | Builtin | false | False | PolicyPipeline | n/a | 90003bac-487c-4351-ad41-ed1f9e0446c1 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea | none | 10/27/2021 11:18:15 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | AzOps | n/a | c295384a-33d9-475e-abaf-d2fb0274299a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b | none | 07/06/2021 12:42:21 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Joe Dalton | joe.dalton@AzGovViz.onmicrosoft.com | acf4c68f-7b15-4d70-935b-26116fc2426a | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d | none | 06/16/2021 13:58:07 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizSPARK | n/a | 527c7ca6-7a74-4b5d-bde2-7465ebb9915a | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac | none | 02/15/2022 14:42:34 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzAdServicePrincipalInsights | n/a | 59acc082-8e28-485e-8897-d2a17e03ed50 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 | none | 09/28/2021 06:26:08 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | miCentral001 | n/a | 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 | SP MI Usr | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 | none | 01/07/2022 16:52:53 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | n/a | n/a | 638032a0-ff4a-462f-a53b-b99c4cf82964 | Unknown | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 | none | 02/15/2022 12:56:13 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizADO | n/a | 8a2f188e-5b60-45f1-b0c6-12cd0e59576e | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb | none | 05/19/2022 15:36:50 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Joe Dalton | julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com | 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 | User Guest | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 | none | 09/24/2022 06:23:37 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | Jack Dalton | JackDalton@AzGovViz.onmicrosoft.com | c64d2776-a210-428f-b54f-a4a5dd7f8ef8 | User Member | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 | none | 07/19/2021 19:38:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgovvizwwcsecurity | n/a | e261446e-77d2-4cf5-a32a-0fbef8ee1333 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 | none | 04/27/2021 16:53:55 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | AzGovVizAzDO | n/a | efc7b786-0bc9-4d41-aacd-6a54d16f7229 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 | none | 05/21/2022 06:31:10 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited 896470ca-9c6e-4176-9b38-5a655403c638 | Reader | acdd72a7-3385-48ef-bd42-f606fba81ae7 | Builtin | false | False | azgvzGH | n/a | f20c11bb-119b-4914-abaa-99df52ef4f09 | SP APP INT | direct | False | /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 | none | 01/15/2022 16:26:49 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VM-Monitoring | n/a | 065dde0b-5eab-4fce-80ee-ec956e94c498 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-AzActivity-Log | n/a | 1691aa06-da2e-43f0-98f9-af12494603a9 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-ASC-Security | n/a | 4cb4c797-237b-4e64-b2cf-66f841700442 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | ESDeploymentAccount | ESDeploymentAccount@AzGovViz.onmicrosoft.com | b790b1e1-6f46-488b-8c5a-708b0db9a149 | User Member | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 | none | 01/10/2021 20:55:50 | ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r) | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | enforce0 | n/a | 79d69f2f-2fbe-409e-84c3-3e510c18fd16 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) | 03/16/2022 23:57:25 | ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-LX-Arc-Monitoring | n/a | 9ed01b2b-9311-41a8-8897-0a329047be49 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) | 01/10/2021 21:00:47 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-VMSS-Monitoring | n/a | a3a4908f-b068-455e-a3f5-38cc5e00448f | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | CUST_T5 | CUST_T5 atz | inherited ESJH | Owner | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 | Builtin | false | True | Deploy-WS-Arc-Monitoring | n/a | b0bdcb08-09c9-4d9d-957e-963d255e7220 | SP MI Sys | direct | False | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed | /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) | 01/10/2021 21:00:50 | ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 | |||||||
| Mg | CUST_T5 | CUST_T5 atz< |